Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se

hzmo · 26.06.2016, 09:05

Hallo

Wie im Titel geschrieben bekomme ich von 10 PC Starts ca. in 8 Fällen diese Meldung von meinem Anti Virusprogramm "F-Secure 2016" in einem Fesnter gemeldet.

Die Meldung lautet:
Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden
Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se

Das Virusprogramm meldet auch, dass der Eindringling gelöscht worden sei.

An meinem PC habe ich bis jetzt keine Veränderungen festgestellt, d.h. nach der Meldung läuft der PC wie immer.

Bin mir aber da natürlich nicht ganz sicher.

cosinus · 26.06.2016, 14:05

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

hzmo · 27.06.2016, 06:48

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26-06-2016 02
durchgeführt von Heinz (2016-06-27 07:37:37)
Gestartet von C:\Users\Heinz\Downloads
Windows 8.1 Pro (Update) (X64) (2013-11-19 09:24:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3496421778-4022263089-3498141264-500 - Administrator - Disabled)
Dennis (S-1-5-21-3496421778-4022263089-3498141264-1008 - Limited - Enabled) => C:\Users\Dennis
Gast (S-1-5-21-3496421778-4022263089-3498141264-501 - Limited - Disabled)
Heinz (S-1-5-21-3496421778-4022263089-3498141264-1002 - Administrator - Enabled) => C:\Users\Heinz
HomeGroupUser$ (S-1-5-21-3496421778-4022263089-3498141264-1006 - Limited - Enabled)
_ashbackup_ (S-1-5-21-3496421778-4022263089-3498141264-1010 - Administrator - Enabled) => C:\Users\_ashbackup_

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Antivirus (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26-06-2016 02
durchgeführt von Heinz (2016-06-27 07:37:37)
Gestartet von C:\Users\Heinz\Downloads
Windows 8.1 Pro (Update) (X64) (2013-11-19 09:24:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3496421778-4022263089-3498141264-500 - Administrator - Disabled)
Dennis (S-1-5-21-3496421778-4022263089-3498141264-1008 - Limited - Enabled) => C:\Users\Dennis
Gast (S-1-5-21-3496421778-4022263089-3498141264-501 - Limited - Disabled)
Heinz (S-1-5-21-3496421778-4022263089-3498141264-1002 - Administrator - Enabled) => C:\Users\Heinz
HomeGroupUser$ (S-1-5-21-3496421778-4022263089-3498141264-1006 - Limited - Enabled)
_ashbackup_ (S-1-5-21-3496421778-4022263089-3498141264-1010 - Administrator - Enabled) => C:\Users\_ashbackup_

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Antivirus (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Amazon Cloud Drive) (Version: 3.4.0.36 - Amazon.com, Inc.)
Amazon Music (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Amazon Amazon Music) (Version: 4.2.0.1281 - Amazon Services LLC)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version:  - Ubisoft)
Any Video Converter Professional 5.8.4 (HKLM-x32\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Backup 2016 (HKLM\...\{FDAE1FAD-57F8-6DCD-940E-885B7FB1CE43}_is1) (Version: 10.01 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2015 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 14 (HKLM-x32\...\{C92AB6F1-616B-A905-B3D2-3B7C238851DC}_is1) (Version: 14.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 6 (HKLM-x32\...\{4209F371-7DE5-9DF2-5DEF-91667EBBBBC5}_is1) (Version: 6.00.14 - Ashampoo GmbH & Co. KG)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.4.0000 - Asmedia Technology)
AudioCon (HKLM-x32\...\AudioCon) (Version: 1.0 - Basement Softworks)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev)
cnlabSpeedTest (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\{fxApplication}}_is1) (Version: 1.3.0 - cnlab AG)
Computer Security 14.139.100.0 (release) (x32 Version: 14.139.100.0 - F-Secure Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriveClone 10 (HKLM-x32\...\{A1290B93-AB90-408C-A456-9AF508E7E345}) (Version: 10.0.0 - FarStone Technology Inc.)
EasyTax 2014 BL 1.1 (HKLM-x32\...\3597-1189-7869-6330) (Version: 1.1 - HWI Solutions AG)
EasyTax 2015 BL 1.0 (HKLM-x32\...\6608-8277-7051-6704) (Version: 1.0 - HWI Solutions AG)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Far Cry (OEM) (HKLM-x32\...\InstallShield_{F400BA3B-B134-4701-8536-68A99CD44F5A}) (Version: 1.00.0000 - Ihr Firmenname)
Far Cry (OEM) (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.00 - Ubisoft)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.39.273.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.39.273.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.66.103.568 (release) (x32 Version: 1.66.103.568 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.03.139 (x32 Version: 1.03.139 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.05.143.0 (release) (x32 Version: 1.05.143.0 - F-Secure Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel(R) Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Foto Designer 7 (HKLM-x32\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{EC410BDA-E943-453F-ABF5-DDEDA1D12D3B}) (Version: 4.3.2.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden
MAGIX MP3 deluxe MX Download-Version (HKLM-x32\...\MX.{CFC811BB-5AC4-4F00-A88B-6DED596C2B36}) (Version: 18.0.3.115 - MAGIX Software GmbH)
MAGIX MP3 deluxe MX Download-Version (Version: 18.0.3.115 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2015 Movie Score Edition Update (Version: 21.0.4.50 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Movie Score Edition (HKLM-x32\...\MX.{692A8B82-1189-4DBF-B4C4-A285F4970E20}) (Version: 21.0.3.47 - MAGIX Software GmbH)
MAGIX Music Maker Movie Score Edition (Version: 21.0.3.47 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Movie Score Edition Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Screenshare (HKLM-x32\...\{4696FD4A-A0DF-4F84-BC9D-12D73E1D95D3}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}) (Version: 2.0.1.9 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{B6B4D918-A667-48D2-9AB6-FAF34FB25223}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{FBE6F998-E9A0-4A15-974B-6592DCEEE7AC}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2014 Premium (HKLM-x32\...\MX.{FBCA50BE-C022-45DA-9261-10230EC1012E}) (Version: 13.0.0.30 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (NewBlueFX ColorFast) (HKLM-x32\...\MX.{D9D24F5F-1E36-48BE-9419-CF97B34AB063}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (proDAD Heroglyph 4.0) (HKLM-x32\...\MX.{CFD52E6D-2AF5-495C-87E3-4D243FE202E7}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Version: 13.0.0.30 - MAGIX AG) Hidden
MAGIX Video deluxe 2015 Premium (HKLM\...\MX.{EAC79752-A0A4-45DB-9F99-9F6445920F77}) (Version: 14.0.0.140 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 Premium (Version: 14.0.0.140 - MAGIX Software GmbH) Hidden
MAGIX Video easy TERRATEC Edition (HKLM-x32\...\MAGIX_{2FA06473-23F0-4372-8DD5-1EAE42503D93}) (Version: 3.0.1.50 - MAGIX AG)
MAGIX Video easy TERRATEC Edition (Version: 3.0.1.50 - MAGIX AG) Hidden
MAGIX Video Pro X7 (Designelemente) (HKLM\...\MX.{10FF2952-0E0E-48B3-A536-BB112AF2CB51}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Filmvorlagen) (HKLM\...\MX.{515110FD-B44B-460B-AC42-63EBF05B6082}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Filmvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Fotoshow Maker-Stile) (HKLM\...\MX.{AD8221A0-591D-4CBE-AA2A-FE0B705D148B}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Fotoshow Maker-Stile) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (HKLM\...\MX.{317B58FE-6117-4601-913A-9BA64BCA6535}) (Version: 14.0.0.96 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Individuelle Menüvorlagen) (HKLM\...\MX.{B174182A-7D02-4D1D-9AAE-F210FAF0692D}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Menüvorlagen) (HKLM\...\MX.{585CA335-503C-4237-A4B2-F25F58A83D98}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (proDAD Mercalli V4) (HKLM\...\MX.{5941BA8B-E170-4F1F-B42F-90F49E1C07F7}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (proDAD Mercalli V4) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Soundtrack Maker-Stile) (HKLM\...\MX.{7B739F29-AB56-4898-92F7-F62816308A19}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Soundtrack Maker-Stile) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Titeleffekte) (HKLM\...\MX.{7384156B-EA84-4910-B4E1-611A83CF1B6E}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Überblendeffekte) (HKLM\...\MX.{FACEE989-3F19-486A-AD92-D905EF0B790A}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Überblendeffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Version: 14.0.0.96 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Designelemente) (HKLM\...\MX.{0F8A6506-BF6B-4876-9A75-B42628EC8A21}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Fotoshow Maker-Stile) (HKLM\...\MX.{77E73225-F4FA-45EB-8A6E-63C956600BE2}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Fotoshow Maker-Stile) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Individuelle Menüvorlagen) (HKLM\...\MX.{76F5F102-A3E4-4A75-B692-5C98397B213E}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Menüvorlagen) (HKLM\...\MX.{F8204A38-51E3-4C1C-A3F1-859D31ADC303}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Titeleffekte) (HKLM\...\MX.{C3D96884-356D-4CEE-B2EB-79D91DBC7BB5}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX VPX7 Update (Version: 14.0.0.143 - MAGIX Software GmbH) Hidden
MAGIX VPX7 Update (Version: 14.0.0.144 - MAGIX Software GmbH) Hidden
MAGIX VPX7 Update (Version: 14.0.0.145 - MAGIX Software GmbH) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4505.1006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E4A1FDA3-689D-44DA-9B39-86BD2270F522}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}) (Version: 1.00.0000 - Red Giant)
Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 de)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewBlue Titler EX for MAGIX (HKLM-x32\...\NewBlue Titler EX for MAGIX) (Version: 1.0 - NewBlue)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.75 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Online Safety 2.139.3446.2391 (x32 Version: 2.139.3446.2391 - F-Secure Corporation) Hidden
Opera Stable 25.0.1614.68 (HKLM-x32\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.20.5318 - Electronic Arts, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
proDAD Mercalli NLE 4.0 (64bit) (HKLM\...\proDAD-MercalliPlugins-4.0) (Version: 4.0.446.1 - proDAD GmbH)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
RoboForm 7-9-18-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-18-5 - Siber Systems)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie zur Verbesserung von HP Officejet 6700 Produkten (HKLM\...\{4EE2A4CB-47B0-4412-808C-D556E3940598}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SuperEasy Video Converter 3 v.3.0.4355 (HKLM-x32\...\{039BC111-1514-CA51-10AA-5A3FFD6FC015}_is1) (Version: 3.0.4355 - SuperEasy Software GmbH & Co. KG)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Tastaturschreiben (HKLM-x32\...\Tastaturschreiben) (Version:  - )
TERRATEC GRABBY (64 Bit) (HKLM-x32\...\{17CC47BB-ADA7-4EB3-B3D0-FFE461E0CEBE}) (Version: 5.201.1823.0 - TERRATEC)
TERRATEC GRABBY (HKLM-x32\...\{BD1F3804-4AB5-42A7-AF41-EACDB3498E21}) (Version: 5.201.1823.0 - )
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
VideoCompressor (HKLM-x32\...\VideoCompressor_is1) (Version: 1.1 - Abelssoft)
Vita Soundtrack Percussion (Version: 2.4.0.78 - MAGIX Software GmbH) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - TERRATEC  (USB28xxBGA) Media  (05/16/2013 5.2011.823.0) (HKLM\...\2752F9F448205AF04D07DBF6BD4573D7F4AC1CC6) (Version: 05/16/2013 5.2011.823.0 - TERRATEC )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {040985C7-8EB9-44E3-9FC3-8201DCC45C00} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {14D8BEF3-3A78-40F5-A0C5-BF08440437B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {176D0E19-18C8-44BF-AD70-21B15311EAD0} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {185E08BA-D66D-4044-B7BF-C7AFB07B45E0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software)
Task: {19906C00-7BB0-4697-85F0-A5241156DDE0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {1B858D32-47AF-4346-9A48-FC707A8CAD02} - System32\Tasks\HP AR Program Upload - 71d09557f49845c4819c1f1125bced9aa9e9282175a340ca9707e67305f5d30e => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2B884A2F-14B7-45E2-BC89-BA5840D3BFE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {2FF8340B-257F-4E57-A7A6-6A9754DC86A6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HZMOPC-Heinz hzmopc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2013-05-30] (Microsoft Corporation)
Task: {3237D990-8D9E-45AC-AE68-FBB24571FE7C} - System32\Tasks\HPCeeScheduleForHeinz => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {3980ECEB-51CB-4337-93DA-07CA9A739F8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {461E85AD-5314-4F98-AFDB-2617E0CA0110} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-19] (Microsoft Corporation)
Task: {555A9D48-E102-44E3-A4DA-D0E2A99420BC} - System32\Tasks\StPrsSW => C:\Users\Heinz\AppData\Roaming\StPrsSW\stprss.exe [2015-02-02] ()
Task: {5B242F86-2A0B-4F87-8166-29A3BFDAC914} - System32\Tasks\HP AR Program Upload - 39a8f325ba564aa490f517569e8e2227c54af47f02b24205963f347921dcee77 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {62BD0FFC-57AD-4881-9230-0D03346E94E2} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-04-22] (Apple Inc.)
Task: {69BE4B4A-C7D8-4120-9C0E-CDEF1E2688A4} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJPMMJPMLJJJNMNMCNJJJJMJGMCNLMGMKMJMCNHMMMGMLJCNJMJMLJNMJMLJJJOJNJKJMMLMJNJICMIMCNGMCNOMHMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMOMPMKMOMJNHICMMJBJKJLIMJJNBJCMHLKJGJBJFIPNCLAJMIKJNIJNKJCMJNNICMJNDJCM (Der Dateneintrag hat 59 mehr Zeichen).
Task: {84CEF426-1F77-48C1-B319-BDB78082B9B4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {8A6AEB72-3826-458C-8EFD-F1372C0FC34D} - System32\Tasks\HP AR Program Upload - 29ebc60cbff34f7dae210c0b8ee10017bbfcfeb19eb04dad925d15bd34f4e261 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {9114F1E6-E63B-4D88-8900-94B5068570D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {996AB060-FB71-4ED2-B0D2-80B61DFB5DF5} - System32\Tasks\HP AR Program Upload - ff17f8f96ae04645b5eec2676c8d0cdd6aca98bc86aa4d3f8ff481017bb2c28f => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A95E9785-E2A7-4793-9FCB-90056171DFCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {B94ECC76-A2D4-455D-9F2A-783BD8A7BEB6} - System32\Tasks\HP AR Program Upload - 32a98d52cb614c84b7b3e7140479d6e21c13a210e7a9410fa08236c9d2af1014 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {B966D7DA-7294-44BA-8866-C95F4B1ABE6D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {B992F1F6-2B03-4213-A69E-BDC773B410FF} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3496421778-4022263089-3498141264-1002 => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-20] (Microsoft Corporation)
Task: {BCBDCFBB-5A0F-4F38-8FAD-2C4D83FC2E5A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {BCF6FDCF-5226-4860-95FE-4B937FE65C5A} - System32\Tasks\HP AR Program Upload - ebba9a28e43440c189a411c4f132ff0ce3a8e1c0468845c98518daf9c19c45c0 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {C1CEF3CD-1370-433D-AB10-50915D5A9A82} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {C605E60E-A347-4C9C-BC4B-96157D680D4F} - System32\Tasks\Delta Updater => Wscript.exe //B "C:\Users\Heinz\AppData\Local\delta\delta\1.4.5.10\..\updt.js"
Task: {C77DBD2E-EA93-4D17-895F-3E42E0B0DDBB} - System32\Tasks\Opera scheduled Autoupdate 1412931964 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-29] (Opera Software)
Task: {D8AEEC6D-7C86-4DCE-A7EF-0389B4D78AD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {DD7C50F7-FF05-4868-88E7-ED3EB0388616} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {EB2F459A-2652-466F-8A7A-603472EF0F78} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {EEA5BC7C-7B22-414E-881A-3AFEBAA5691B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-04-18] (Siber Systems)
Task: {F686723D-69C8-4312-B58E-52342FC8302D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {FB9D831C-C0FC-4C93-9F46-43E3B6362922} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHeinz.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Public\Desktop\CleverReach.com.lnk -> hxxp://swc.ashampoo.com/ikot/r.php?id=65 (Keine Datei)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-11-19 10:48 - 2016-01-23 03:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-01-28 18:14 - 2016-01-12 06:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2013-05-30 14:33 - 2013-02-23 16:46 - 00382608 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-05-30 14:33 - 2013-03-16 12:53 - 00515752 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-05-30 14:33 - 2013-03-16 12:53 - 00608424 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-10 14:21 - 2015-06-10 14:21 - 00248872 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2015-07-30 22:18 - 2016-01-12 06:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-06-25 14:27 - 2015-05-26 16:47 - 00056360 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng
2013-06-25 14:32 - 2013-06-25 14:32 - 00030888 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-06-25 14:27 - 2015-07-10 21:55 - 00212008 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll
2013-06-25 14:27 - 2015-05-26 16:47 - 00045608 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2013-05-30 14:41 - 2013-05-30 14:41 - 00312976 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-05-30 14:41 - 2013-05-30 14:41 - 00356008 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2013-05-30 14:34 - 2013-05-30 14:34 - 00196224 _____ () C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:FCA8C9CD [274]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Heinz\AppData\Local\Ashampoo\Ashampoo Photo Commander 12\APCWallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "simplicheck.lnk"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SamsungRapidApp"
HKLM\...\StartupApproved\Run: => "Ashampoo Uninstaller 6 Guard"
HKLM\...\StartupApproved\Run: => "Ashampoo Backup"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "My Swisscom Assistant"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\StartupFolder: => "Registration Heroes of Might & Magic 5.LNK"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "HP Officejet 6700 (NET)"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Amazon Cloud Drive"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Amazon Music"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{555572DD-AC43-4DC5-A46D-808A2FE4C020}D:\soulseekqt\soulseekqt.exe] => (Allow) D:\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{9DD1B296-1F6C-4070-B63A-88675873C618}D:\soulseekqt\soulseekqt.exe] => (Allow) D:\soulseekqt\soulseekqt.exe
FirewallRules: [{19BD9E30-E5E5-48B5-A4F6-AFB653813F36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5764869A-2D24-4FE9-AAB6-6692F26D74C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4651E7C-EC02-439C-9D6D-C48632C7D923}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1173C915-09C4-45FC-8F62-34BD91090817}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{85190660-E051-4E09-897E-CC81B0EB4A00}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{25B2A8C6-E80B-43C2-BB35-4F6536B9752A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{34DAD037-8A62-4C41-8D91-956163B2ED16}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{14AEB8D7-903F-4D06-ACB3-AB3991FBB3F5}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{543C245C-91EF-41BE-937A-2D885C739E3B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{435BC9CC-59BB-4614-B9FB-546BE0BECB63}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{C9A66DCC-E007-4B04-A313-69AE3EEB533F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BDDD3C6D-5944-48E5-A771-02BB28494D20}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2746371A-013F-4C6E-AB40-D0607D32CD9A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9E128876-13BA-4431-A8DB-61D8AFF0361D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{943B67C8-E0FF-46D7-B61C-9C2957001266}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{779A00ED-B949-48E7-A3EB-5139C0D41620}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99589787-3729-4E33-974A-E27234648B71}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\WLAN\SwisscomWLAN.exe
FirewallRules: [{42826AA8-6546-4E07-A6F9-A6DA76687DF5}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\WLAN\SwisscomWLAN.exe
FirewallRules: [{1EBD45E0-E6A9-4D58-8DA3-83224EBB5811}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{C5974FBF-A255-4191-8039-CDDAE4E3D650}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{E880337B-E878-4D2C-A7F6-7BE6E7E8D4C5}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{B5AA6594-2BC9-4595-A5E1-24F538754C0F}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{4F0CA273-CC49-4B82-9459-4CA1FFB5655C}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{5984457C-1614-469D-AF34-1EA1C69CC3C9}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{7CC9300C-0C6C-4953-A5B2-A39E656152D1}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe
FirewallRules: [{C9E90CE0-5A26-431D-91D7-F2B439AC2D55}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe
FirewallRules: [TCP Query User{89DC18CD-2F2E-4ECB-8BB1-87626793DFCA}D:\magix\video deluxe 2015 premium\videodeluxe.exe] => (Allow) D:\magix\video deluxe 2015 premium\videodeluxe.exe
FirewallRules: [UDP Query User{A6ABD8A0-4630-43E0-BFCB-AC5FC1BF1539}D:\magix\video deluxe 2015 premium\videodeluxe.exe] => (Allow) D:\magix\video deluxe 2015 premium\videodeluxe.exe
FirewallRules: [{64582C45-9FB2-4BD4-80F5-5ED6E289D691}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E279ECBE-6143-494D-A23A-6C32738CF3F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7B308AD9-132E-4066-A8B1-EF9C3FA03901}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{15513709-C780-43EE-A2BB-AC04392486C5}] => (Allow) LPort=2869
FirewallRules: [{65B71408-ECBE-4248-9BA3-8A1C6D2B916C}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{DF21489F-AFF0-4B2A-A51F-4D0EF2DBEFE1}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{9012038C-60D9-4967-85BC-AF576CE920EE}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{95D740C8-297C-4EC4-A8E4-BBC0BA9EAC08}] => (Allow) C:\Program Files\MAGIX\Video Pro X7\Video_Pro_X.exe
FirewallRules: [{BF22D6C7-7D6B-4F03-92FE-29687C885325}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe
FirewallRules: [{FBA03AB6-D35F-4892-8CCB-94A80A9F5619}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe
FirewallRules: [{614963A4-2B64-4D13-A0E0-1F7AB3FE8DDA}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe
FirewallRules: [{80C4566C-CE6E-4304-A2CC-74E6D79D97D2}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe
FirewallRules: [{610CD5B8-E5D0-41FB-BC42-0BE2C252DBA3}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe
FirewallRules: [{8896B807-3DEE-4CBA-9CAB-0E626F9ACAC8}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe
FirewallRules: [{00E5389D-3D6E-405E-8496-A4B241A6F9AA}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe
FirewallRules: [{D065AEB6-5EC2-4C49-9E7C-EC167EEA8DE5}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe
FirewallRules: [{5CE334AC-99C0-49F2-96A4-0F32ECA25329}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe
FirewallRules: [{D6B15A89-3B77-40BC-8CD0-4033A4910610}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe
FirewallRules: [{97A554D0-CAF6-4694-AB43-780B09EF117D}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8C1CF21C-F486-409F-950D-156D56C8F2F8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{03539951-8AAB-49FD-9CF2-0C0327F53D6D}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2AF41C0E-B9B2-44EF-9D6F-9478F61B74D4}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{61145F1B-631B-466C-8841-9A50195E0B3C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{64F1C429-7D8D-4A06-BA16-147076ECB9DE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{DACF7298-E62B-408A-AED3-679D1B983046}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CDFACA66-0D67-43E3-A32B-CA4D61B262D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5DC989AE-D992-4640-96F5-CA286E0C5F49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4FA24DA1-3FDF-4DED-AC33-69C824221D06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C8125BE1-B8A2-4E8B-A117-39682AECD826}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A2FE8AFD-BD7A-446D-A8F5-BAA1AF1CF717}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{093C8530-EE11-418C-949D-4A600C33C107}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E1F81141-B9D3-41BC-AC50-94A663BA95F1}] => (Allow) D:\ANNO\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [{E9245BAA-D73B-4B9C-BF25-6024743FD273}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{C43A6786-8351-4156-ADC0-BB37848F3943}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{73064C57-800E-44E8-92F5-554112E4B360}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{C11FF067-B0A3-4F40-80F1-55D1FF0AD0C2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{711671C1-8F2F-4AB0-8990-9DFD5CCB5E24}] => (Allow) D:\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

11-06-2016 16:22:50 Geplanter Prüfpunkt
15-06-2016 23:16:01 Windows Update
23-06-2016 16:34:35 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/27/2016 07:25:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x1650
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5

Error: (06/27/2016 07:25:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 12.5.0.1066, Zeitstempel: 0x5147a50c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x051c4c0d
ID des fehlerhaften Prozesses: 0xad0
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3
Vollständiger Name des fehlerhaften Pakets: IAStorDataMgrSvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IAStorDataMgrSvc.exe5

Error: (06/27/2016 07:25:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IAStorDataMgrSvc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/27/2016 07:24:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x15c8
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5

Error: (06/27/2016 07:24:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x798
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5

Error: (06/26/2016 10:35:21 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2  2016-06-26  10:35:21+02:00  HZMOPC  HZMOPC\Heinz  F-Secure Anti-Virus
 Databases are old: the latest database file is 352 days old.

Error: (06/26/2016 09:24:31 AM) (Source: MsiInstaller) (EventID: 1002) (User: HZMOPC)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".

Error: (06/26/2016 09:24:22 AM) (Source: HP Active Health) (EventID: 2200) (User: )
Description: Agent DriverCrash threw an exception: System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.ParseMinidump(FileInfo minidumpFile)
   bei HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   bei HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)

Error: (06/26/2016 09:15:40 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2016-06-26  09:15:40+02:00  HZMOPC  SYSTEM  F-Secure Anti-Virus
 Malicious code found in file C:\Windows\Temp\WAX557D.tmp.
 Infection: Gen:Trojan.Heur.FU.UuZ@a8NNrf

Error: (06/26/2016 09:15:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0xad8
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5


Systemfehler:
=============
Error: (06/27/2016 07:35:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro, Version 1511, 10586

Error: (06/27/2016 07:25:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/27/2016 07:24:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/27/2016 07:24:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/27/2016 07:24:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Interenet Optimizer erreicht.

Error: (06/26/2016 09:25:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro, Version 1511, 10586

Error: (06/26/2016 09:15:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/26/2016 09:15:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/26/2016 09:15:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/26/2016 09:14:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Interenet Optimizer erreicht.


CodeIntegrity:
===================================
  Date: 2016-06-27 07:36:29.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 07:35:29.311
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-27 07:33:59.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 07:26:31.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 07:25:32.938
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-27 07:24:41.123
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-27 07:24:37.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-26 10:34:47.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-26 10:17:33.724
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-26 10:17:33.099
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 25%
Installierter physikalischer RAM: 16328.39 MB
Verfügbarer physikalischer RAM: 12151.66 MB
Summe virtueller Speicher: 18760.39 MB
Verfügbarer virtueller Speicher: 14485.18 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:232.78 GB) (Free:48.63 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATEN) (Fixed) (Total:1838.6 GB) (Free:749.32 GB) NTFS
Drive e: (INTENSO) (Fixed) (Total:1862.55 GB) (Free:1561.53 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 7683B724)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FCB5DEFE)
Partition 1: (Not Active) - (Size=24.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=1838.6 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 6D86302A)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0C)

==================== Ende von Addition.txt ============================

Hallo, zu Deiner Frage:
Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?
Nein habe ich nicht und auch keine Meldungen von anderen z.B. aus den WindowsSystem
Danke mal und Gruss hzmo

Der erste Teil hat offenbar nicht richtig geklapp, ein zweites Mal

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2016 02
durchgeführt von Heinz (Administrator) auf HZMOPC (27-06-2016 07:37:21)
Gestartet von C:\Users\Heinz\Downloads
Geladene Profile: Heinz (Verfügbare Profile: Heinz & Dennis & _ashbackup_)
Platform: Windows 8.1 Pro (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fslauncher.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fslauncher.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(MSS) C:\Users\Heinz\AppData\Local\delta\delta\1.4.5.10\deltaup.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(MSS) C:\Users\Heinz\AppData\Local\delta\delta\1.4.5.10\deltaup.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Ashampoo Uninstaller 6 Guard] => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 6\UI6Guard.exe [2369384 2016-01-20] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [Ashampoo Backup] => D:\Ashampoo\Neuer Ordner\Ashampoo Backup 2016\bin\backupClient-ab.exe [323392 2016-04-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [306216 2015-05-26] (F-Secure Corporation)
HKLM-x32\...\Run: [My Swisscom Assistant] => C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe [12028512 2015-06-03] (Swisscom (Schweiz) AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [193064 2015-06-10] (F-Secure Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [TomTomHOME.exe] => D:\tomtommazda\\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Steam] => D:\Program Files (x86)\Steam\Steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [EADM] => D:\Origin\Origin.exe [3632112 2015-07-25] (Electronic Arts)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [882872 2016-05-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Amazon Cloud Drive] => C:\Users\Heinz\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe [2057912 2016-04-20] (Amazon.com Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Amazon Music] => C:\Users\Heinz\AppData\Local\Amazon Music\Amazon Music Helper.exe [5907944 2016-03-04] ()
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-04-18] (Siber Systems)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\backupclient-ab.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\driveclone.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\h5_game.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hmpalert.exe: [Debugger] 
IFEO\hp officejet 6700.exe: [Debugger] 
IFEO\hpcustpartic.exe: [Debugger] 
IFEO\hpqdtss.exe: [Debugger] 
IFEO\hpwucli.exe: [Debugger] 
IFEO\launcher.exe: [Debugger] 
IFEO\lcore.exe: [Debugger] 
IFEO\photoproduct.exe: [Debugger] 
IFEO\pmbbrowser.exe: [Debugger] 
IFEO\pmbinit.exe: [Debugger] 
IFEO\powersuitestart.exe: [Debugger] 
IFEO\registrationreminder.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\simplicheck.exe: [Debugger] 
IFEO\tomtomhome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-20] (Microsoft Corporation)
Startup: C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-09-30]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2013-07-15]
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1F42AC83-657C-4455-BFB5-ADEB03FE13E9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.steg-electronics.ch
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {8E62A01D-BA7B-48D5-B636-0DF419EFEDBF} URL = 
SearchScopes: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> DefaultScope {8E62A01D-BA7B-48D5-B636-0DF419EFEDBF} URL = 
SearchScopes: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> {8E62A01D-BA7B-48D5-B636-0DF419EFEDBF} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-05-30] (Microsoft Corporation)
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-06-15] (F-Secure Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-18] (Siber Systems Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2013-05-30] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-05-30] (Microsoft Corporation)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-06-15] (F-Secure Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-18] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2013-05-30] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKU\.DEFAULT -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Toolbar: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Toolbar: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-18] (Siber Systems Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-05-30] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default
FF Homepage: hxxps://www.google.ch/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=2.0.8 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Heinz\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-05-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @myriad-online.com/x-myriad-music -> C:\Program Files (x86)\Mozilla Firefox\Plugins\npMyrMus.dll [2013-10-03] (Myriad Software.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-09-17] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3496421778-4022263089-3498141264-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-04-18] ()
FF user.js: detected! => C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\user.js [2016-06-13]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPMyrMus.dll [2013-10-03] (Myriad Software.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Cliqz - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\cliqz@cliqz.com.xpi [2015-12-22]
FF Extension: iCloud Bookmarks - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\firefoxdav@icloud.com [2015-05-29]
FF Extension: Trusted Shops Add-On für Firefox - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\jid1-PBNne26X1Kn6hQ@jetpack.xpi [2015-10-28]
FF Extension: F_Secure Search - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\{46CD8256-0A40-41da-ACB6-795587A6ED34}.xpi [2015-12-27]
FF Extension: My Swisscom Assistant - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B} [2016-04-08] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-07-15] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{ae12ab8e-5c48-4aba-b5e2-cacd84ff0f26}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-12-06] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-04-18]
FF HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Users\Heinz\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn
FF Extension: F-Secure Search - C:\Users\Heinz\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn [2014-02-25] [ist nicht signiert]
FF HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\extensions\cliqz@cliqz.com => nicht gefunden
FF HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi

Chrome: 
=======
CHR Profile: C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-16]
CHR Extension: (Google Docs) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-16]
CHR Extension: (Google Drive) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-16]
CHR Extension: (YouTube) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-16]
CHR Extension: (Google-Suche) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-16]
CHR Extension: (Logitech SetPoint) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2015-05-16]
CHR Extension: (Google Tabellen) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-16]
CHR Extension: (Google Wallet) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Google Mail) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-16]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-07-15]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-11-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S4 ashbackup; d:\Ashampoo\Neuer Ordner\Ashampoo Backup 2016\bin\backupService-ab.exe [32064 2016-04-21] ()
S4 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
S4 FSDcSvc; C:\Program Files (x86)\FarStone DriveClone\Files\FsSvcExe.exe [338944 2013-06-20] (FarStone Inc.) [Datei ist nicht signiert]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [193064 2015-06-10] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2015-05-26] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-09] (F-Secure Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S4 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-08-10] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
S3 m2UpdateService_{F8F85656-87B0-43BD-B2BA-3B7982C22B5E}; C:\Program Files (x86)\Swisscom\My Swisscom Assistant\m2UpdateService.exe [12022368 2015-06-03] (Swisscom (Schweiz) AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1872568 2013-04-19] (Microsoft Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2007048 2015-07-25] (Electronic Arts)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S4 TomTomHOMEService; D:\tomtommazda\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 0c632643; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~3\intere~1\InterenetOptimizerSvc.dll",service

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 asahci64; C:\Windows\System32\drivers\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [82232 2013-11-25] (Asmedia Technology)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468240 2013-08-21] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2015-07-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71080 2015-07-07] (F-Secure Corporation)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [25144 2013-04-11] () [Datei ist nicht signiert]
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [55336 2015-07-10] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42248 2013-06-25] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [95784 2015-06-15] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-08-10] ()
S3 IAMTVE; C:\Windows\System32\drivers\IAMTVE.sys [43416 2007-04-12] (Intel Corporation)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34424 2015-02-09] (Microsoft Corporation)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 MarvinBus; C:\Windows\System32\drivers\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [Datei ist nicht signiert]
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
R2 UI5IFS; C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 6\IFS64.sys [31320 2016-01-20] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-27 07:37 - 2016-06-27 07:37 - 00035036 _____ C:\Users\Heinz\Downloads\FRST.txt
2016-06-27 07:36 - 2016-06-27 07:37 - 00000000 ___DC C:\FRST
2016-06-27 07:35 - 2016-06-27 07:36 - 02389504 _____ (Farbar) C:\Users\Heinz\Downloads\FRST64.exe
2016-06-26 09:41 - 2016-06-27 07:23 - 00000000 ____D C:\Users\Heinz\AppData\Local\FSDART
2016-06-20 18:02 - 2016-06-20 18:02 - 00152173 _____ C:\Users\Heinz\Downloads\Vorlage_Finanzplan.xlsx
2016-06-15 23:09 - 2016-05-12 20:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 23:09 - 2016-05-12 19:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 23:09 - 2016-05-12 18:24 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 23:09 - 2016-05-12 18:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 23:09 - 2016-05-12 18:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 23:09 - 2016-05-12 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 23:09 - 2016-05-12 18:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 23:09 - 2016-05-12 17:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 23:09 - 2016-05-12 17:48 - 00580096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-15 23:09 - 2016-05-12 17:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 23:09 - 2016-05-12 17:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 23:09 - 2016-05-12 17:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 23:09 - 2016-05-06 17:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 23:09 - 2016-05-06 17:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 23:08 - 2016-06-03 19:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-06-15 23:08 - 2016-06-03 15:38 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 23:08 - 2016-06-02 19:51 - 00050352 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 23:08 - 2016-05-29 17:04 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 23:08 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 23:08 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 23:08 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 23:08 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 23:08 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 23:08 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 23:08 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 23:08 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 23:08 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 23:08 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 23:08 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 23:08 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 23:08 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 23:08 - 2016-05-20 23:25 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-06-15 23:08 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 23:08 - 2016-05-20 23:21 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-06-15 23:08 - 2016-05-20 23:19 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-15 23:08 - 2016-05-20 23:16 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-15 23:08 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 23:08 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 23:08 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 23:08 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 23:08 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 23:08 - 2016-05-20 23:09 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 23:08 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 23:08 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 23:08 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 23:08 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 23:08 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 23:08 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 23:08 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 23:08 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 23:08 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 23:08 - 2016-05-19 01:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 23:08 - 2016-05-18 22:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 23:08 - 2016-05-18 07:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 23:08 - 2016-05-18 07:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 23:08 - 2016-05-16 23:13 - 00563016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 23:08 - 2016-05-16 23:13 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 23:08 - 2016-05-16 23:13 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 23:08 - 2016-05-16 23:13 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 23:08 - 2016-05-14 22:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 23:08 - 2016-05-14 22:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 23:08 - 2016-05-14 01:09 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 23:08 - 2016-05-14 01:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 23:08 - 2016-05-14 01:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 23:08 - 2016-05-14 01:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 23:08 - 2016-05-14 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 23:08 - 2016-05-14 01:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 23:08 - 2016-05-14 00:34 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 23:08 - 2016-05-14 00:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 23:08 - 2016-05-13 23:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 23:08 - 2016-05-13 23:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 23:08 - 2016-05-13 23:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 23:08 - 2016-05-13 23:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 23:08 - 2016-05-13 23:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 23:08 - 2016-05-09 23:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-15 23:08 - 2016-05-09 22:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-15 23:08 - 2016-05-09 22:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-15 23:08 - 2016-05-09 22:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 23:08 - 2016-04-14 17:25 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 23:08 - 2016-04-14 17:11 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 23:08 - 2016-04-12 17:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-06-15 23:08 - 2016-04-12 17:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-06-15 23:08 - 2016-01-31 21:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 23:08 - 2016-01-31 20:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 23:08 - 2016-01-31 19:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 23:08 - 2016-01-31 19:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-13 17:11 - 2016-06-13 17:17 - 00000000 ___DC C:\AdwCleaner
2016-06-13 17:10 - 2016-06-13 17:10 - 03677248 _____ C:\Users\Heinz\Downloads\AdwCleaner_5.119.exe
2016-06-12 09:18 - 2016-06-12 09:19 - 34810488 _____ (Mozilla) C:\Users\Heinz\Downloads\Thunderbird Setup 45.1.1(1).exe
2016-06-08 08:39 - 2016-06-08 08:39 - 34950056 _____ (Mozilla) C:\Users\Heinz\Downloads\Thunderbird Setup 45.1.1.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-27 07:33 - 2014-08-10 23:14 - 00000000 ____D C:\Windows\CryptoGuard
2016-06-27 07:31 - 2013-09-30 06:14 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-27 07:31 - 2013-09-30 05:56 - 00765378 _____ C:\Windows\system32\perfh007.dat
2016-06-27 07:31 - 2013-09-30 05:56 - 00159696 _____ C:\Windows\system32\perfc007.dat
2016-06-27 07:31 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-06-27 07:26 - 2013-11-23 10:21 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{50690F22-4F3F-458D-88CA-21FDB97DDD78}
2016-06-27 07:24 - 2013-09-09 15:14 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-27 07:23 - 2013-11-19 10:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-27 07:23 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-26 10:41 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-26 10:27 - 2015-11-01 18:09 - 00005130 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HZMOPC-Heinz hzmopc
2016-06-26 10:16 - 2013-06-03 07:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-26 09:48 - 2013-09-09 15:14 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-26 09:41 - 2013-08-05 21:08 - 00000000 ____D C:\Users\Heinz\AppData\Local\F-Secure
2016-06-26 09:41 - 2013-06-25 14:17 - 00000000 ____D C:\ProgramData\F-Secure
2016-06-26 09:19 - 2013-05-30 14:34 - 00000000 ___DO C:\Users\Heinz\SkyDrive
2016-06-25 11:47 - 2016-03-03 17:56 - 00000000 ____D C:\Users\Heinz\iTunes
2016-06-24 15:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-24 14:59 - 2013-10-01 14:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 14:59 - 2013-10-01 14:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 19:11 - 2015-04-27 18:45 - 00000000 ____D C:\Users\Heinz\Desktop\Verein
2016-06-23 18:37 - 2013-05-30 11:24 - 00000000 ____D C:\Users\Heinz\AppData\Local\Packages
2016-06-23 17:23 - 2013-05-30 11:31 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3496421778-4022263089-3498141264-1002
2016-06-23 16:35 - 2013-10-01 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-23 16:32 - 2013-06-24 08:00 - 00003416 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-06-23 16:23 - 2016-04-05 00:41 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForHeinz.job
2016-06-22 14:19 - 2016-04-05 00:41 - 00003160 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHeinz
2016-06-19 08:07 - 2013-06-06 12:44 - 00000000 ____D C:\Users\Heinz\AppData\Local\CrashDumps
2016-06-18 15:36 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-17 18:29 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2016-06-17 07:16 - 2013-06-03 07:59 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 09:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-06-15 23:22 - 2016-01-23 19:16 - 00573472 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 23:21 - 2014-12-12 09:42 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 23:21 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2016-06-15 23:18 - 2013-08-15 15:10 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 23:16 - 2013-04-23 15:31 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 19:13 - 2013-08-22 17:38 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 19:13 - 2013-08-22 17:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 08:24 - 2013-12-29 14:31 - 00000000 ____D C:\Users\Heinz\AppData\Local\Microsoft Help
2016-06-13 07:18 - 2016-05-08 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-13 07:18 - 2013-05-30 12:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-12 09:19 - 2016-04-18 10:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-06-12 09:19 - 2013-05-30 12:00 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-06-12 09:19 - 2013-05-30 12:00 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-06-09 17:38 - 2013-11-09 13:48 - 00000000 ____D C:\Users\Heinz\Documents\vortrag
2016-06-07 22:01 - 2014-09-16 21:21 - 00001453 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-07 22:01 - 2014-09-16 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-07 22:01 - 2013-06-20 21:01 - 00000000 ___DC C:\Program Files\Common Files\Apple
2016-06-07 14:39 - 2013-11-19 10:49 - 00000000 ____D C:\Users\Heinz
2016-06-02 11:44 - 2015-09-16 16:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-02 10:51 - 2013-11-14 22:49 - 0004198 _____ () C:\Users\Heinz\AppData\Roaming\HZMOPC.MTBF.txt
2013-11-26 15:01 - 2013-11-26 15:01 - 0001099 _____ () C:\Users\Heinz\AppData\Roaming\ShiftN.ini
2013-06-02 10:51 - 2013-11-14 22:52 - 0000902 _____ () C:\Users\Heinz\AppData\Roaming\__AvidCloudManager.log
2013-06-02 10:51 - 2013-10-02 21:24 - 0000902 _____ () C:\Users\Heinz\AppData\Roaming\__AvidCloudManagerPrevious.log
2013-06-02 12:18 - 2016-05-12 20:48 - 0059392 _____ () C:\Users\Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-04 20:35 - 2014-10-04 20:35 - 0000858 _____ () C:\Users\Heinz\AppData\Local\recently-used.xbel
2014-10-22 21:29 - 2014-10-22 21:29 - 0007027 _____ () C:\Users\Heinz\AppData\Local\soulseek-client.dat.1414006152383
2015-01-20 22:01 - 2015-01-20 22:01 - 0007027 _____ () C:\Users\Heinz\AppData\Local\soulseek-client.dat.1421784116922
2015-11-27 20:08 - 2015-11-27 20:08 - 0007027 _____ () C:\Users\Heinz\AppData\Local\soulseek-client.dat.1448647737866
2013-06-10 16:15 - 2013-06-10 16:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-06-25 20:59 - 2015-05-06 15:38 - 95609776 _____ (mquadr.at software engineering & consulting GmbH) C:\ProgramData\MSASetup.exe

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\MSASetup.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-26 10:17

==================== Ende von FRST.txt ============================

Mit dem Farber Tool habe ich nur eine "Untersuchung" gemacht. Auf das "Entfernen" habe ich verzichtet? hzmo

cosinus · 27.06.2016, 09:56

Zitat:

Any Video Converter Professional
MAGIX Video deluxe 2014 Premium
MAGIX Video deluxe 2015 Premium
MAGIX Video Pro X7

Gewerblich genutztes System??

hzmo · 27.06.2016, 11:08

Hallo
Benutze diese Teile nur Hobbymässig. Machte seit Jahren private Vidos für mich und meine Familie. Gruss hzmo

Any Video Converter Professional
MAGIX Video deluxe 2014 Premium
MAGIX Video deluxe 2015 Premium
MAGIX Video Pro X7

cosinus · 27.06.2016, 11:37

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

hzmo · 27.06.2016, 16:00

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.06.27.02
  rootkit: v2016.05.27.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18350
Heinz :: HZMOPC [administrator]

27.06.2016 12:54:23
mbar-log-2016-06-27 (12-54-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 533213
Time elapsed: 15 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAUNCHER.EXE (RiskWare.IFEOHijack) -> Delete on reboot. [5599d031aded76c0cb004f7cb053867a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAUNCHER.EXE (RiskWare.IFEOHijack) -> Delete on reboot. [d915936e5b3f96a0f1da47842fd4ac54]

Registry Values Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAUNCHER.EXE|Debugger (RiskWare.IFEOHijack) -> Data:  -> Delete on reboot. [5599d031aded76c0cb004f7cb053867a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAUNCHER.EXE|Debugger (RiskWare.IFEOHijack) -> Data:  -> Delete on reboot. [d915936e5b3f96a0f1da47842fd4ac54]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\374311380 (Rogue.Multiple) -> Delete on reboot. [9c5210f10e8cfb3b0951702645bd21df]

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.06.27.03
  rootkit: v2016.05.27.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18350
Heinz :: HZMOPC [administrator]

27.06.2016 14:04:33
mbar-log-2016-06-27 (14-04-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 530694
Time elapsed: 14 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 28.06.2016, 10:56

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

hzmo · 28.06.2016, 16:55

Beim Neustart am 28.06.2016, 1739 folgende Meldung erhalten:
Nachricht von F-Secure: "Bösartiger Code in Datei C\Windows\Temp\WAX2A47.tmp gefunden. Infektion:Gen.Trojan.Heur.FU.UuZ@a4dC5Hh"

Code:

ATTFilter

# AdwCleaner v5.200 - Bericht erstellt am 28/06/2016 um 17:27:13
# Aktualisiert am 14/06/2016 von ToolsLib
# Datenbank : 2016-06-26.1 [Server]
# Betriebssystem : Windows 8.1 Pro  (X64)
# Benutzername : Heinz - HZMOPC
# Gestartet von : C:\Users\Heinz\Downloads\AdwCleaner_5.200.exe
# Option : Löschen
# Unterstützung : https://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKCU\Software\Classes\keepmysearch

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [964 Bytes] - [28/06/2016 17:27:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [989 Bytes] - [28/06/2016 17:25:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1108 Bytes] ##########

Code:

ATTFilter

# AdwCleaner v5.200 - Bericht erstellt am 28/06/2016 um 17:25:20
# Aktualisiert am 14/06/2016 von ToolsLib
# Datenbank : 2016-06-26.1 [Server]
# Betriebssystem : Windows 8.1 Pro  (X64)
# Benutzername : Heinz - HZMOPC
# Gestartet von : C:\Users\Heinz\Downloads\AdwCleaner_5.200.exe
# Option : Suchlauf
# Unterstützung : https://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel gefunden : HKCU\Software\Classes\keepmysearch
Schlüssel gefunden : HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Classes\keepmysearch

***** [ Internetbrowser ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [839 Bytes] - [28/06/2016 17:25:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [911 Bytes] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 8.1 Pro x64 
Ran by Heinz (Administrator) on 28.06.2016 at 17:35:26,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 10 

Successfully deleted: C:\ProgramData\drivergenius (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\tuneup utilities 2014.lnk (Shortcut) 
Successfully deleted: C:\Users\Heinz\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Heinz\AppData\Local\delta (Folder) 
Successfully deleted: C:\Users\Heinz\Appdata\LocalLow\delta (Folder) 
Successfully deleted: C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\user.js (File) 
Successfully deleted: C:\Users\Heinz\Documents\optimizer pro (Folder) 
Successfully deleted: C:\Users\Public\Desktop\tuneup utilities 2014.lnk (Shortcut) 
Successfully deleted: C:\Windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
Successfully deleted: C:\Program Files (x86)\delta (Folder) 

Deleted the following from C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);
user_pref(extensions.xpiState, {\app-profile\:{\cliqz@cliqz.com\:{\d\:\C:\\\\Users\\\\Heinz\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cfdolx5l.defau



Registry: 2 

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0c632643 (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8E62A01D-BA7B-48D5-B636-0DF419EFEDBF} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.06.2016 at 17:37:05,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Gruss hzmo

cosinus · 28.06.2016, 20:33

Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

hzmo · 29.06.2016, 07:25

Beim Neustart am 29.06.2016, 0807 folgende Meldung erhalten:
Nachricht von F-Secure: "Bösartiger Code usw.

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2016
durchgeführt von Heinz (Administrator) auf HZMOPC (29-06-2016 08:15:55)
Gestartet von C:\Users\Heinz\Downloads
Geladene Profile: Heinz (Verfügbare Profile: Heinz & Dennis & _ashbackup_)
Platform: Windows 8.1 Pro (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fslauncher.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fslauncher.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Ashampoo Uninstaller 6 Guard] => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 6\UI6Guard.exe [2369384 2016-01-20] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [Ashampoo Backup] => D:\Ashampoo\Neuer Ordner\Ashampoo Backup 2016\bin\backupClient-ab.exe [323392 2016-04-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [306216 2015-05-26] (F-Secure Corporation)
HKLM-x32\...\Run: [My Swisscom Assistant] => C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe [12028512 2015-06-03] (Swisscom (Schweiz) AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [193064 2015-06-10] (F-Secure Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [TomTomHOME.exe] => D:\tomtommazda\\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Steam] => D:\Program Files (x86)\Steam\Steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [EADM] => D:\Origin\Origin.exe [3632112 2015-07-25] (Electronic Arts)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [882872 2016-05-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Amazon Cloud Drive] => C:\Users\Heinz\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe [2057912 2016-04-20] (Amazon.com Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Amazon Music] => C:\Users\Heinz\AppData\Local\Amazon Music\Amazon Music Helper.exe [5907944 2016-03-04] ()
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-04-18] (Siber Systems)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\backupclient-ab.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\driveclone.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\h5_game.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hmpalert.exe: [Debugger] 
IFEO\hp officejet 6700.exe: [Debugger] 
IFEO\hpcustpartic.exe: [Debugger] 
IFEO\hpqdtss.exe: [Debugger] 
IFEO\hpwucli.exe: [Debugger] 
IFEO\lcore.exe: [Debugger] 
IFEO\photoproduct.exe: [Debugger] 
IFEO\pmbbrowser.exe: [Debugger] 
IFEO\pmbinit.exe: [Debugger] 
IFEO\powersuitestart.exe: [Debugger] 
IFEO\registrationreminder.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\simplicheck.exe: [Debugger] 
IFEO\tomtomhome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-20] (Microsoft Corporation)
Startup: C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-09-30]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2013-07-15]
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1F42AC83-657C-4455-BFB5-ADEB03FE13E9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.steg-electronics.ch
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {8E62A01D-BA7B-48D5-B636-0DF419EFEDBF} URL = 
SearchScopes: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> DefaultScope {8E62A01D-BA7B-48D5-B636-0DF419EFEDBF} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-05-30] (Microsoft Corporation)
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-06-15] (F-Secure Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-18] (Siber Systems Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2013-05-30] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-05-30] (Microsoft Corporation)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-06-15] (F-Secure Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-18] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2013-05-30] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKU\.DEFAULT -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Toolbar: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Toolbar: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-18] (Siber Systems Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-05-30] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default
FF Homepage: hxxps://www.google.ch/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=2.0.8 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Heinz\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-05-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @myriad-online.com/x-myriad-music -> C:\Program Files (x86)\Mozilla Firefox\Plugins\npMyrMus.dll [2013-10-03] (Myriad Software.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-09-17] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3496421778-4022263089-3498141264-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-04-18] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPMyrMus.dll [2013-10-03] (Myriad Software.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Cliqz - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\cliqz@cliqz.com.xpi [2015-12-22]
FF Extension: iCloud Bookmarks - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\firefoxdav@icloud.com [2015-05-29]
FF Extension: Trusted Shops Add-On für Firefox - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\jid1-PBNne26X1Kn6hQ@jetpack.xpi [2015-10-28]
FF Extension: F_Secure Search - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\{46CD8256-0A40-41da-ACB6-795587A6ED34}.xpi [2015-12-27]
FF Extension: My Swisscom Assistant - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B} [2016-04-08] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-07-15] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{ae12ab8e-5c48-4aba-b5e2-cacd84ff0f26}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-12-06] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-04-18]
FF HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Users\Heinz\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn
FF Extension: F-Secure Search - C:\Users\Heinz\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn [2014-02-25] [ist nicht signiert]
FF HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\extensions\cliqz@cliqz.com => nicht gefunden
FF HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi

Chrome: 
=======
CHR Profile: C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-16]
CHR Extension: (Google Docs) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-16]
CHR Extension: (Google Drive) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-16]
CHR Extension: (YouTube) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-16]
CHR Extension: (Google-Suche) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-16]
CHR Extension: (Logitech SetPoint) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2015-05-16]
CHR Extension: (Google Tabellen) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-16]
CHR Extension: (Google Wallet) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Google Mail) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-16]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-07-15]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-11-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S4 ashbackup; d:\Ashampoo\Neuer Ordner\Ashampoo Backup 2016\bin\backupService-ab.exe [32064 2016-04-21] ()
S4 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
S4 FSDcSvc; C:\Program Files (x86)\FarStone DriveClone\Files\FsSvcExe.exe [338944 2013-06-20] (FarStone Inc.) [Datei ist nicht signiert]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [193064 2015-06-10] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2015-05-26] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-09] (F-Secure Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S4 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-08-10] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
S3 m2UpdateService_{F8F85656-87B0-43BD-B2BA-3B7982C22B5E}; C:\Program Files (x86)\Swisscom\My Swisscom Assistant\m2UpdateService.exe [12022368 2015-06-03] (Swisscom (Schweiz) AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1872568 2013-04-19] (Microsoft Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2007048 2015-07-25] (Electronic Arts)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S4 TomTomHOMEService; D:\tomtommazda\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 asahci64; C:\Windows\System32\drivers\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [82232 2013-11-25] (Asmedia Technology)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468240 2013-08-21] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2015-07-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71080 2015-07-07] (F-Secure Corporation)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [25144 2013-04-11] () [Datei ist nicht signiert]
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [55336 2015-07-10] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42248 2013-06-25] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [95784 2015-06-15] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-08-10] ()
S3 IAMTVE; C:\Windows\System32\drivers\IAMTVE.sys [43416 2007-04-12] (Intel Corporation)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34424 2015-02-09] (Microsoft Corporation)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 MarvinBus; C:\Windows\System32\drivers\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [Datei ist nicht signiert]
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
R2 UI5IFS; C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 6\IFS64.sys [31320 2016-01-20] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-29 08:15 - 2016-06-29 08:15 - 00034246 _____ C:\Users\Heinz\Downloads\FRST.txt
2016-06-29 08:14 - 2016-06-29 08:14 - 00000000 ____D C:\Users\Heinz\Downloads\FRST-OlderVersion
2016-06-28 17:37 - 2016-06-28 17:37 - 00001893 _____ C:\Users\Heinz\Desktop\JRT.txt
2016-06-28 17:33 - 2016-06-28 17:33 - 01610816 _____ (Malwarebytes) C:\Users\Heinz\Downloads\JRT.exe
2016-06-28 17:20 - 2016-06-28 17:20 - 03703360 _____ C:\Users\Heinz\Downloads\AdwCleaner_5.200.exe
2016-06-27 12:54 - 2016-06-27 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-27 12:54 - 2016-06-27 14:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-27 12:54 - 2016-06-27 12:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-27 12:53 - 2016-06-29 08:13 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-27 12:53 - 2016-06-27 16:55 - 00000000 ____D C:\Users\Heinz\Desktop\mbar
2016-06-27 12:52 - 2016-06-27 12:52 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Heinz\Downloads\mbar-1.09.3.1001.exe
2016-06-27 07:50 - 2016-06-27 07:50 - 00053880 _____ C:\Users\Heinz\Desktop\FRST.txt
2016-06-27 07:49 - 2016-06-29 08:15 - 00000000 ____D C:\Users\Heinz\Desktop\PC Untersuchung
2016-06-27 07:37 - 2016-06-27 07:37 - 00064391 _____ C:\Users\Heinz\Downloads\Addition.txt
2016-06-27 07:36 - 2016-06-29 08:15 - 00000000 ___DC C:\FRST
2016-06-27 07:35 - 2016-06-29 08:14 - 02389504 ____C (Farbar) C:\Users\Heinz\Downloads\FRST64.exe
2016-06-26 09:41 - 2016-06-27 07:23 - 00000000 ____D C:\Users\Heinz\AppData\Local\FSDART
2016-06-20 18:02 - 2016-06-20 18:02 - 00152173 _____ C:\Users\Heinz\Downloads\Vorlage_Finanzplan.xlsx
2016-06-15 23:09 - 2016-05-12 20:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 23:09 - 2016-05-12 19:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 23:09 - 2016-05-12 18:24 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 23:09 - 2016-05-12 18:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 23:09 - 2016-05-12 18:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 23:09 - 2016-05-12 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 23:09 - 2016-05-12 18:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 23:09 - 2016-05-12 17:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 23:09 - 2016-05-12 17:48 - 00580096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-15 23:09 - 2016-05-12 17:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 23:09 - 2016-05-12 17:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 23:09 - 2016-05-12 17:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 23:09 - 2016-05-06 17:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 23:09 - 2016-05-06 17:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 23:08 - 2016-06-03 19:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-06-15 23:08 - 2016-06-03 15:38 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 23:08 - 2016-06-02 19:51 - 00050352 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 23:08 - 2016-05-29 17:04 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 23:08 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 23:08 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 23:08 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 23:08 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 23:08 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 23:08 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 23:08 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 23:08 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 23:08 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 23:08 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 23:08 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 23:08 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 23:08 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 23:08 - 2016-05-20 23:25 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-06-15 23:08 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 23:08 - 2016-05-20 23:21 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-06-15 23:08 - 2016-05-20 23:19 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-15 23:08 - 2016-05-20 23:16 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-15 23:08 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 23:08 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 23:08 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 23:08 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 23:08 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 23:08 - 2016-05-20 23:09 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 23:08 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 23:08 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 23:08 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 23:08 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 23:08 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 23:08 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 23:08 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 23:08 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 23:08 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 23:08 - 2016-05-19 01:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 23:08 - 2016-05-18 22:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 23:08 - 2016-05-18 07:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 23:08 - 2016-05-18 07:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 23:08 - 2016-05-16 23:13 - 00563016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 23:08 - 2016-05-16 23:13 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 23:08 - 2016-05-16 23:13 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 23:08 - 2016-05-16 23:13 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 23:08 - 2016-05-14 22:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 23:08 - 2016-05-14 22:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 23:08 - 2016-05-14 01:09 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 23:08 - 2016-05-14 01:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 23:08 - 2016-05-14 01:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 23:08 - 2016-05-14 01:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 23:08 - 2016-05-14 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 23:08 - 2016-05-14 01:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 23:08 - 2016-05-14 00:34 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 23:08 - 2016-05-14 00:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 23:08 - 2016-05-13 23:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 23:08 - 2016-05-13 23:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 23:08 - 2016-05-13 23:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 23:08 - 2016-05-13 23:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 23:08 - 2016-05-13 23:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 23:08 - 2016-05-09 23:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-15 23:08 - 2016-05-09 22:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-15 23:08 - 2016-05-09 22:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-15 23:08 - 2016-05-09 22:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 23:08 - 2016-04-14 17:25 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 23:08 - 2016-04-14 17:11 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 23:08 - 2016-04-12 17:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-06-15 23:08 - 2016-04-12 17:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-06-15 23:08 - 2016-01-31 21:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 23:08 - 2016-01-31 20:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 23:08 - 2016-01-31 19:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 23:08 - 2016-01-31 19:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-13 17:11 - 2016-06-28 17:27 - 00000000 ___DC C:\AdwCleaner
2016-06-12 09:18 - 2016-06-12 09:19 - 34810488 _____ (Mozilla) C:\Users\Heinz\Downloads\Thunderbird Setup 45.1.1(1).exe
2016-06-08 08:39 - 2016-06-08 08:39 - 34950056 _____ (Mozilla) C:\Users\Heinz\Downloads\Thunderbird Setup 45.1.1.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-29 08:16 - 2013-06-03 07:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-29 08:15 - 2014-08-10 23:14 - 00000000 ____D C:\Windows\CryptoGuard
2016-06-29 08:15 - 2013-09-30 06:14 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-29 08:15 - 2013-09-30 05:56 - 00765378 _____ C:\Windows\system32\perfh007.dat
2016-06-29 08:15 - 2013-09-30 05:56 - 00159696 _____ C:\Windows\system32\perfc007.dat
2016-06-29 08:15 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-06-29 08:08 - 2015-11-01 18:09 - 00005130 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HZMOPC-Heinz hzmopc
2016-06-29 08:08 - 2013-11-19 10:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-29 08:08 - 2013-09-09 15:14 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-29 08:08 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-29 08:08 - 2013-05-30 14:34 - 00000000 __RDO C:\Users\Heinz\SkyDrive
2016-06-28 17:48 - 2013-09-09 15:14 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-28 17:39 - 2013-06-06 12:44 - 00000000 ____D C:\Users\Heinz\AppData\Local\CrashDumps
2016-06-28 17:32 - 2015-12-04 19:54 - 00003556 _____ C:\Windows\System32\Tasks\Delta Updater
2016-06-28 17:27 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-28 17:04 - 2013-11-23 10:21 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{50690F22-4F3F-458D-88CA-21FDB97DDD78}
2016-06-28 17:01 - 2016-04-05 00:41 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForHeinz.job
2016-06-28 06:09 - 2016-04-05 00:41 - 00003160 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHeinz
2016-06-27 13:53 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2016-06-26 09:41 - 2013-08-05 21:08 - 00000000 ____D C:\Users\Heinz\AppData\Local\F-Secure
2016-06-26 09:41 - 2013-06-25 14:17 - 00000000 ____D C:\ProgramData\F-Secure
2016-06-25 11:47 - 2016-03-03 17:56 - 00000000 ____D C:\Users\Heinz\iTunes
2016-06-24 15:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-24 14:59 - 2013-10-01 14:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 14:59 - 2013-10-01 14:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 19:11 - 2015-04-27 18:45 - 00000000 ____D C:\Users\Heinz\Desktop\Verein
2016-06-23 18:37 - 2013-05-30 11:24 - 00000000 ____D C:\Users\Heinz\AppData\Local\Packages
2016-06-23 17:23 - 2013-05-30 11:31 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3496421778-4022263089-3498141264-1002
2016-06-23 16:35 - 2013-10-01 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-23 16:32 - 2013-06-24 08:00 - 00003416 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-06-18 15:36 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-17 18:29 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2016-06-17 07:16 - 2013-06-03 07:59 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 09:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-06-15 23:22 - 2016-01-23 19:16 - 00573472 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 23:21 - 2014-12-12 09:42 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 23:21 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2016-06-15 23:18 - 2013-08-15 15:10 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 23:16 - 2013-04-23 15:31 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 19:13 - 2013-08-22 17:38 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 19:13 - 2013-08-22 17:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 08:24 - 2013-12-29 14:31 - 00000000 ____D C:\Users\Heinz\AppData\Local\Microsoft Help
2016-06-13 07:18 - 2016-05-08 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-13 07:18 - 2013-05-30 12:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-12 09:19 - 2016-04-18 10:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-06-12 09:19 - 2013-05-30 12:00 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-06-12 09:19 - 2013-05-30 12:00 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-06-09 17:38 - 2013-11-09 13:48 - 00000000 ____D C:\Users\Heinz\Documents\vortrag
2016-06-07 22:01 - 2014-09-16 21:21 - 00001453 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-07 22:01 - 2014-09-16 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-07 22:01 - 2013-06-20 21:01 - 00000000 ___DC C:\Program Files\Common Files\Apple
2016-06-07 14:39 - 2013-11-19 10:49 - 00000000 ____D C:\Users\Heinz
2016-06-02 11:44 - 2015-09-16 16:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-02 10:51 - 2013-11-14 22:49 - 0004198 _____ () C:\Users\Heinz\AppData\Roaming\HZMOPC.MTBF.txt
2013-11-26 15:01 - 2013-11-26 15:01 - 0001099 _____ () C:\Users\Heinz\AppData\Roaming\ShiftN.ini
2013-06-02 10:51 - 2013-11-14 22:52 - 0000902 _____ () C:\Users\Heinz\AppData\Roaming\__AvidCloudManager.log
2013-06-02 10:51 - 2013-10-02 21:24 - 0000902 _____ () C:\Users\Heinz\AppData\Roaming\__AvidCloudManagerPrevious.log
2013-06-02 12:18 - 2016-05-12 20:48 - 0059392 _____ () C:\Users\Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-04 20:35 - 2014-10-04 20:35 - 0000858 _____ () C:\Users\Heinz\AppData\Local\recently-used.xbel
2014-10-22 21:29 - 2014-10-22 21:29 - 0007027 _____ () C:\Users\Heinz\AppData\Local\soulseek-client.dat.1414006152383
2015-01-20 22:01 - 2015-01-20 22:01 - 0007027 _____ () C:\Users\Heinz\AppData\Local\soulseek-client.dat.1421784116922
2015-11-27 20:08 - 2015-11-27 20:08 - 0007027 _____ () C:\Users\Heinz\AppData\Local\soulseek-client.dat.1448647737866
2013-06-10 16:15 - 2013-06-10 16:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-06-25 20:59 - 2015-05-06 15:38 - 95609776 _____ (mquadr.at software engineering & consulting GmbH) C:\ProgramData\MSASetup.exe

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\MSASetup.exe


Einige Dateien in TEMP:
====================
C:\Users\Heinz\AppData\Local\Temp\libeay32.dll
C:\Users\Heinz\AppData\Local\Temp\msvcr120.dll
C:\Users\Heinz\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-27 17:35

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 28-06-2016
durchgeführt von Heinz (2016-06-29 08:16:10)
Gestartet von C:\Users\Heinz\Downloads
Windows 8.1 Pro (Update) (X64) (2013-11-19 09:24:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3496421778-4022263089-3498141264-500 - Administrator - Disabled)
Dennis (S-1-5-21-3496421778-4022263089-3498141264-1008 - Limited - Enabled) => C:\Users\Dennis
Gast (S-1-5-21-3496421778-4022263089-3498141264-501 - Limited - Disabled)
Heinz (S-1-5-21-3496421778-4022263089-3498141264-1002 - Administrator - Enabled) => C:\Users\Heinz
HomeGroupUser$ (S-1-5-21-3496421778-4022263089-3498141264-1006 - Limited - Enabled)
_ashbackup_ (S-1-5-21-3496421778-4022263089-3498141264-1010 - Administrator - Enabled) => C:\Users\_ashbackup_

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Antivirus (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Amazon Cloud Drive) (Version: 3.4.0.36 - Amazon.com, Inc.)
Amazon Music (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Amazon Amazon Music) (Version: 4.2.0.1281 - Amazon Services LLC)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version:  - Ubisoft)
Any Video Converter Professional 5.8.4 (HKLM-x32\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Backup 2016 (HKLM\...\{FDAE1FAD-57F8-6DCD-940E-885B7FB1CE43}_is1) (Version: 10.01 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2015 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 14 (HKLM-x32\...\{C92AB6F1-616B-A905-B3D2-3B7C238851DC}_is1) (Version: 14.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 6 (HKLM-x32\...\{4209F371-7DE5-9DF2-5DEF-91667EBBBBC5}_is1) (Version: 6.00.14 - Ashampoo GmbH & Co. KG)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.4.0000 - Asmedia Technology)
AudioCon (HKLM-x32\...\AudioCon) (Version: 1.0 - Basement Softworks)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev)
cnlabSpeedTest (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\{fxApplication}}_is1) (Version: 1.3.0 - cnlab AG)
Computer Security 14.139.100.0 (release) (x32 Version: 14.139.100.0 - F-Secure Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriveClone 10 (HKLM-x32\...\{A1290B93-AB90-408C-A456-9AF508E7E345}) (Version: 10.0.0 - FarStone Technology Inc.)
EasyTax 2014 BL 1.1 (HKLM-x32\...\3597-1189-7869-6330) (Version: 1.1 - HWI Solutions AG)
EasyTax 2015 BL 1.0 (HKLM-x32\...\6608-8277-7051-6704) (Version: 1.0 - HWI Solutions AG)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Far Cry (OEM) (HKLM-x32\...\InstallShield_{F400BA3B-B134-4701-8536-68A99CD44F5A}) (Version: 1.00.0000 - Ihr Firmenname)
Far Cry (OEM) (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.00 - Ubisoft)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.39.273.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.39.273.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.66.103.568 (release) (x32 Version: 1.66.103.568 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.03.139 (x32 Version: 1.03.139 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.05.143.0 (release) (x32 Version: 1.05.143.0 - F-Secure Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel(R) Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Foto Designer 7 (HKLM-x32\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{EC410BDA-E943-453F-ABF5-DDEDA1D12D3B}) (Version: 4.3.2.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden
MAGIX MP3 deluxe MX Download-Version (HKLM-x32\...\MX.{CFC811BB-5AC4-4F00-A88B-6DED596C2B36}) (Version: 18.0.3.115 - MAGIX Software GmbH)
MAGIX MP3 deluxe MX Download-Version (Version: 18.0.3.115 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2015 Movie Score Edition Update (Version: 21.0.4.50 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Movie Score Edition (HKLM-x32\...\MX.{692A8B82-1189-4DBF-B4C4-A285F4970E20}) (Version: 21.0.3.47 - MAGIX Software GmbH)
MAGIX Music Maker Movie Score Edition (Version: 21.0.3.47 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Movie Score Edition Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Screenshare (HKLM-x32\...\{4696FD4A-A0DF-4F84-BC9D-12D73E1D95D3}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}) (Version: 2.0.1.9 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{B6B4D918-A667-48D2-9AB6-FAF34FB25223}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{FBE6F998-E9A0-4A15-974B-6592DCEEE7AC}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2014 Premium (HKLM-x32\...\MX.{FBCA50BE-C022-45DA-9261-10230EC1012E}) (Version: 13.0.0.30 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (NewBlueFX ColorFast) (HKLM-x32\...\MX.{D9D24F5F-1E36-48BE-9419-CF97B34AB063}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (proDAD Heroglyph 4.0) (HKLM-x32\...\MX.{CFD52E6D-2AF5-495C-87E3-4D243FE202E7}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Version: 13.0.0.30 - MAGIX AG) Hidden
MAGIX Video deluxe 2015 Premium (HKLM\...\MX.{EAC79752-A0A4-45DB-9F99-9F6445920F77}) (Version: 14.0.0.140 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 Premium (Version: 14.0.0.140 - MAGIX Software GmbH) Hidden
MAGIX Video easy TERRATEC Edition (HKLM-x32\...\MAGIX_{2FA06473-23F0-4372-8DD5-1EAE42503D93}) (Version: 3.0.1.50 - MAGIX AG)
MAGIX Video easy TERRATEC Edition (Version: 3.0.1.50 - MAGIX AG) Hidden
MAGIX Video Pro X7 (Designelemente) (HKLM\...\MX.{10FF2952-0E0E-48B3-A536-BB112AF2CB51}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Filmvorlagen) (HKLM\...\MX.{515110FD-B44B-460B-AC42-63EBF05B6082}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Filmvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Fotoshow Maker-Stile) (HKLM\...\MX.{AD8221A0-591D-4CBE-AA2A-FE0B705D148B}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Fotoshow Maker-Stile) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (HKLM\...\MX.{317B58FE-6117-4601-913A-9BA64BCA6535}) (Version: 14.0.0.96 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Individuelle Menüvorlagen) (HKLM\...\MX.{B174182A-7D02-4D1D-9AAE-F210FAF0692D}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Menüvorlagen) (HKLM\...\MX.{585CA335-503C-4237-A4B2-F25F58A83D98}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (proDAD Mercalli V4) (HKLM\...\MX.{5941BA8B-E170-4F1F-B42F-90F49E1C07F7}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (proDAD Mercalli V4) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Soundtrack Maker-Stile) (HKLM\...\MX.{7B739F29-AB56-4898-92F7-F62816308A19}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Soundtrack Maker-Stile) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Titeleffekte) (HKLM\...\MX.{7384156B-EA84-4910-B4E1-611A83CF1B6E}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Überblendeffekte) (HKLM\...\MX.{FACEE989-3F19-486A-AD92-D905EF0B790A}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Überblendeffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Version: 14.0.0.96 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Designelemente) (HKLM\...\MX.{0F8A6506-BF6B-4876-9A75-B42628EC8A21}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Fotoshow Maker-Stile) (HKLM\...\MX.{77E73225-F4FA-45EB-8A6E-63C956600BE2}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Fotoshow Maker-Stile) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Individuelle Menüvorlagen) (HKLM\...\MX.{76F5F102-A3E4-4A75-B692-5C98397B213E}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Menüvorlagen) (HKLM\...\MX.{F8204A38-51E3-4C1C-A3F1-859D31ADC303}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Titeleffekte) (HKLM\...\MX.{C3D96884-356D-4CEE-B2EB-79D91DBC7BB5}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX VPX7 Update (Version: 14.0.0.143 - MAGIX Software GmbH) Hidden
MAGIX VPX7 Update (Version: 14.0.0.144 - MAGIX Software GmbH) Hidden
MAGIX VPX7 Update (Version: 14.0.0.145 - MAGIX Software GmbH) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4505.1006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E4A1FDA3-689D-44DA-9B39-86BD2270F522}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}) (Version: 1.00.0000 - Red Giant)
Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 de)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewBlue Titler EX for MAGIX (HKLM-x32\...\NewBlue Titler EX for MAGIX) (Version: 1.0 - NewBlue)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.75 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Online Safety 2.139.3446.2391 (x32 Version: 2.139.3446.2391 - F-Secure Corporation) Hidden
Opera Stable 25.0.1614.68 (HKLM-x32\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.20.5318 - Electronic Arts, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
proDAD Mercalli NLE 4.0 (64bit) (HKLM\...\proDAD-MercalliPlugins-4.0) (Version: 4.0.446.1 - proDAD GmbH)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
RoboForm 7-9-18-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-18-5 - Siber Systems)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie zur Verbesserung von HP Officejet 6700 Produkten (HKLM\...\{4EE2A4CB-47B0-4412-808C-D556E3940598}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SuperEasy Video Converter 3 v.3.0.4355 (HKLM-x32\...\{039BC111-1514-CA51-10AA-5A3FFD6FC015}_is1) (Version: 3.0.4355 - SuperEasy Software GmbH & Co. KG)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Tastaturschreiben (HKLM-x32\...\Tastaturschreiben) (Version:  - )
TERRATEC GRABBY (64 Bit) (HKLM-x32\...\{17CC47BB-ADA7-4EB3-B3D0-FFE461E0CEBE}) (Version: 5.201.1823.0 - TERRATEC)
TERRATEC GRABBY (HKLM-x32\...\{BD1F3804-4AB5-42A7-AF41-EACDB3498E21}) (Version: 5.201.1823.0 - )
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
VideoCompressor (HKLM-x32\...\VideoCompressor_is1) (Version: 1.1 - Abelssoft)
Vita Soundtrack Percussion (Version: 2.4.0.78 - MAGIX Software GmbH) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - TERRATEC  (USB28xxBGA) Media  (05/16/2013 5.2011.823.0) (HKLM\...\2752F9F448205AF04D07DBF6BD4573D7F4AC1CC6) (Version: 05/16/2013 5.2011.823.0 - TERRATEC )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01B4A395-C721-4A23-9244-028CC636BA53} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {040985C7-8EB9-44E3-9FC3-8201DCC45C00} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {14D8BEF3-3A78-40F5-A0C5-BF08440437B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {176D0E19-18C8-44BF-AD70-21B15311EAD0} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {19906C00-7BB0-4697-85F0-A5241156DDE0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {1B858D32-47AF-4346-9A48-FC707A8CAD02} - System32\Tasks\HP AR Program Upload - 71d09557f49845c4819c1f1125bced9aa9e9282175a340ca9707e67305f5d30e => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2B884A2F-14B7-45E2-BC89-BA5840D3BFE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {2FF8340B-257F-4E57-A7A6-6A9754DC86A6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HZMOPC-Heinz hzmopc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2013-05-30] (Microsoft Corporation)
Task: {3980ECEB-51CB-4337-93DA-07CA9A739F8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {461E85AD-5314-4F98-AFDB-2617E0CA0110} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-19] (Microsoft Corporation)
Task: {555A9D48-E102-44E3-A4DA-D0E2A99420BC} - System32\Tasks\StPrsSW => C:\Users\Heinz\AppData\Roaming\StPrsSW\stprss.exe [2015-02-02] ()
Task: {5B242F86-2A0B-4F87-8166-29A3BFDAC914} - System32\Tasks\HP AR Program Upload - 39a8f325ba564aa490f517569e8e2227c54af47f02b24205963f347921dcee77 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {62BD0FFC-57AD-4881-9230-0D03346E94E2} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-04-22] (Apple Inc.)
Task: {69BE4B4A-C7D8-4120-9C0E-CDEF1E2688A4} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJPMMJPMLJJJNMNMCNJJJJMJGMCNLMGMKMJMCNHMMMGMLJCNJMJMLJNMJMLJJJOJNJKJMMLMJNJICMIMCNGMCNOMHMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMOMPMKMOMJNHICMMJBJKJLIMJJNBJCMHLKJGJBJFIPNCLAJMIKJNIJNKJCMJNNICMJNDJCM (Der Dateneintrag hat 59 mehr Zeichen).
Task: {84CEF426-1F77-48C1-B319-BDB78082B9B4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {8A6AEB72-3826-458C-8EFD-F1372C0FC34D} - System32\Tasks\HP AR Program Upload - 29ebc60cbff34f7dae210c0b8ee10017bbfcfeb19eb04dad925d15bd34f4e261 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {9114F1E6-E63B-4D88-8900-94B5068570D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {996AB060-FB71-4ED2-B0D2-80B61DFB5DF5} - System32\Tasks\HP AR Program Upload - ff17f8f96ae04645b5eec2676c8d0cdd6aca98bc86aa4d3f8ff481017bb2c28f => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A12D8E59-7B37-471A-998F-532E1B5C06E9} - System32\Tasks\HPCeeScheduleForHeinz => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A95E9785-E2A7-4793-9FCB-90056171DFCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {B94ECC76-A2D4-455D-9F2A-783BD8A7BEB6} - System32\Tasks\HP AR Program Upload - 32a98d52cb614c84b7b3e7140479d6e21c13a210e7a9410fa08236c9d2af1014 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {B992F1F6-2B03-4213-A69E-BDC773B410FF} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3496421778-4022263089-3498141264-1002 => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-20] (Microsoft Corporation)
Task: {BCBDCFBB-5A0F-4F38-8FAD-2C4D83FC2E5A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {BCF6FDCF-5226-4860-95FE-4B937FE65C5A} - System32\Tasks\HP AR Program Upload - ebba9a28e43440c189a411c4f132ff0ce3a8e1c0468845c98518daf9c19c45c0 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {C77DBD2E-EA93-4D17-895F-3E42E0B0DDBB} - System32\Tasks\Opera scheduled Autoupdate 1412931964 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-29] (Opera Software)
Task: {D8665B13-A8C3-454B-96BB-D396B773CB2F} - System32\Tasks\Delta Updater => Wscript.exe //B "C:\Users\Heinz\AppData\Local\delta\delta\1.4.5.10\..\updt.js"
Task: {D8AEEC6D-7C86-4DCE-A7EF-0389B4D78AD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {DD7C50F7-FF05-4868-88E7-ED3EB0388616} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {EB2F459A-2652-466F-8A7A-603472EF0F78} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {EEA5BC7C-7B22-414E-881A-3AFEBAA5691B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-04-18] (Siber Systems)
Task: {F686723D-69C8-4312-B58E-52342FC8302D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {FB9D831C-C0FC-4C93-9F46-43E3B6362922} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {FD0B5B48-459F-4A12-AF93-969C4AC6D7AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHeinz.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Public\Desktop\CleverReach.com.lnk -> hxxp://swc.ashampoo.com/ikot/r.php?id=65 (Keine Datei)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-11-19 10:48 - 2016-01-23 03:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-01-28 18:14 - 2016-01-12 06:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2013-05-30 14:33 - 2013-02-23 16:46 - 00382608 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-05-30 14:33 - 2013-03-16 12:53 - 00515752 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-05-30 14:33 - 2013-03-16 12:53 - 00608424 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-10 14:21 - 2015-06-10 14:21 - 00248872 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2015-07-30 22:18 - 2016-01-12 06:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-05-30 14:41 - 2013-05-30 14:43 - 00312976 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-05-30 14:41 - 2013-05-30 14:43 - 00356008 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
2013-05-30 14:41 - 2013-05-30 14:41 - 00312976 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2013-05-30 14:41 - 2013-05-30 14:41 - 00356008 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll
2013-06-25 14:27 - 2015-05-26 16:47 - 00056360 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng
2013-06-25 14:32 - 2013-06-25 14:32 - 00030888 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-06-25 14:27 - 2015-07-10 21:55 - 00212008 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll
2013-06-25 14:27 - 2015-05-26 16:47 - 00949288 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2013-06-25 14:27 - 2015-05-26 16:47 - 00045608 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2013-05-30 14:41 - 2013-05-30 14:41 - 00312976 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-05-30 14:41 - 2013-05-30 14:41 - 00356008 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:FCA8C9CD [274]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Heinz\AppData\Local\Ashampoo\Ashampoo Photo Commander 12\APCWallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "simplicheck.lnk"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SamsungRapidApp"
HKLM\...\StartupApproved\Run: => "Ashampoo Uninstaller 6 Guard"
HKLM\...\StartupApproved\Run: => "Ashampoo Backup"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "My Swisscom Assistant"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\StartupFolder: => "Registration Heroes of Might & Magic 5.LNK"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "HP Officejet 6700 (NET)"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Amazon Cloud Drive"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Amazon Music"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{555572DD-AC43-4DC5-A46D-808A2FE4C020}D:\soulseekqt\soulseekqt.exe] => (Allow) D:\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{9DD1B296-1F6C-4070-B63A-88675873C618}D:\soulseekqt\soulseekqt.exe] => (Allow) D:\soulseekqt\soulseekqt.exe
FirewallRules: [{19BD9E30-E5E5-48B5-A4F6-AFB653813F36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5764869A-2D24-4FE9-AAB6-6692F26D74C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4651E7C-EC02-439C-9D6D-C48632C7D923}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1173C915-09C4-45FC-8F62-34BD91090817}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{85190660-E051-4E09-897E-CC81B0EB4A00}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{25B2A8C6-E80B-43C2-BB35-4F6536B9752A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{34DAD037-8A62-4C41-8D91-956163B2ED16}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{14AEB8D7-903F-4D06-ACB3-AB3991FBB3F5}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{543C245C-91EF-41BE-937A-2D885C739E3B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{435BC9CC-59BB-4614-B9FB-546BE0BECB63}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{C9A66DCC-E007-4B04-A313-69AE3EEB533F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BDDD3C6D-5944-48E5-A771-02BB28494D20}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2746371A-013F-4C6E-AB40-D0607D32CD9A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9E128876-13BA-4431-A8DB-61D8AFF0361D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{943B67C8-E0FF-46D7-B61C-9C2957001266}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{779A00ED-B949-48E7-A3EB-5139C0D41620}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99589787-3729-4E33-974A-E27234648B71}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\WLAN\SwisscomWLAN.exe
FirewallRules: [{42826AA8-6546-4E07-A6F9-A6DA76687DF5}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\WLAN\SwisscomWLAN.exe
FirewallRules: [{1EBD45E0-E6A9-4D58-8DA3-83224EBB5811}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{C5974FBF-A255-4191-8039-CDDAE4E3D650}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{E880337B-E878-4D2C-A7F6-7BE6E7E8D4C5}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{B5AA6594-2BC9-4595-A5E1-24F538754C0F}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{4F0CA273-CC49-4B82-9459-4CA1FFB5655C}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{5984457C-1614-469D-AF34-1EA1C69CC3C9}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{7CC9300C-0C6C-4953-A5B2-A39E656152D1}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe
FirewallRules: [{C9E90CE0-5A26-431D-91D7-F2B439AC2D55}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe
FirewallRules: [TCP Query User{89DC18CD-2F2E-4ECB-8BB1-87626793DFCA}D:\magix\video deluxe 2015 premium\videodeluxe.exe] => (Allow) D:\magix\video deluxe 2015 premium\videodeluxe.exe
FirewallRules: [UDP Query User{A6ABD8A0-4630-43E0-BFCB-AC5FC1BF1539}D:\magix\video deluxe 2015 premium\videodeluxe.exe] => (Allow) D:\magix\video deluxe 2015 premium\videodeluxe.exe
FirewallRules: [{64582C45-9FB2-4BD4-80F5-5ED6E289D691}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E279ECBE-6143-494D-A23A-6C32738CF3F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7B308AD9-132E-4066-A8B1-EF9C3FA03901}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{15513709-C780-43EE-A2BB-AC04392486C5}] => (Allow) LPort=2869
FirewallRules: [{65B71408-ECBE-4248-9BA3-8A1C6D2B916C}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{DF21489F-AFF0-4B2A-A51F-4D0EF2DBEFE1}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{9012038C-60D9-4967-85BC-AF576CE920EE}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{95D740C8-297C-4EC4-A8E4-BBC0BA9EAC08}] => (Allow) C:\Program Files\MAGIX\Video Pro X7\Video_Pro_X.exe
FirewallRules: [{BF22D6C7-7D6B-4F03-92FE-29687C885325}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe
FirewallRules: [{FBA03AB6-D35F-4892-8CCB-94A80A9F5619}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe
FirewallRules: [{614963A4-2B64-4D13-A0E0-1F7AB3FE8DDA}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe
FirewallRules: [{80C4566C-CE6E-4304-A2CC-74E6D79D97D2}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe
FirewallRules: [{610CD5B8-E5D0-41FB-BC42-0BE2C252DBA3}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe
FirewallRules: [{8896B807-3DEE-4CBA-9CAB-0E626F9ACAC8}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe
FirewallRules: [{00E5389D-3D6E-405E-8496-A4B241A6F9AA}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe
FirewallRules: [{D065AEB6-5EC2-4C49-9E7C-EC167EEA8DE5}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe
FirewallRules: [{5CE334AC-99C0-49F2-96A4-0F32ECA25329}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe
FirewallRules: [{D6B15A89-3B77-40BC-8CD0-4033A4910610}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe
FirewallRules: [{97A554D0-CAF6-4694-AB43-780B09EF117D}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8C1CF21C-F486-409F-950D-156D56C8F2F8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{03539951-8AAB-49FD-9CF2-0C0327F53D6D}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2AF41C0E-B9B2-44EF-9D6F-9478F61B74D4}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{61145F1B-631B-466C-8841-9A50195E0B3C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{64F1C429-7D8D-4A06-BA16-147076ECB9DE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{DACF7298-E62B-408A-AED3-679D1B983046}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CDFACA66-0D67-43E3-A32B-CA4D61B262D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5DC989AE-D992-4640-96F5-CA286E0C5F49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4FA24DA1-3FDF-4DED-AC33-69C824221D06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C8125BE1-B8A2-4E8B-A117-39682AECD826}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A2FE8AFD-BD7A-446D-A8F5-BAA1AF1CF717}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{093C8530-EE11-418C-949D-4A600C33C107}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E1F81141-B9D3-41BC-AC50-94A663BA95F1}] => (Allow) D:\ANNO\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [{E9245BAA-D73B-4B9C-BF25-6024743FD273}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{C43A6786-8351-4156-ADC0-BB37848F3943}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{73064C57-800E-44E8-92F5-554112E4B360}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{C11FF067-B0A3-4F40-80F1-55D1FF0AD0C2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{711671C1-8F2F-4AB0-8990-9DFD5CCB5E24}] => (Allow) D:\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

11-06-2016 16:22:50 Geplanter Prüfpunkt
15-06-2016 23:16:01 Windows Update
23-06-2016 16:34:35 Windows Update
27-06-2016 13:52:42 Malwarebytes Anti-Rootkit Restore Point
28-06-2016 17:34:29 JRT Pre-Junkware Removal
28-06-2016 17:35:26 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/29/2016 08:09:39 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2016-06-29  08:09:39+02:00  HZMOPC  HZMOPC\Heinz  F-Secure Anti-Virus
 Malicious code found in file C:\Windows\Temp\WAX5639.tmp.
 Infection: Gen:Trojan.Heur.FU.UuZ@am9S2Gb

Error: (06/29/2016 08:09:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x380
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5

Error: (06/29/2016 08:09:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x818
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5

Error: (06/29/2016 08:09:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 12.5.0.1066, Zeitstempel: 0x5147a50c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x04904c0d
ID des fehlerhaften Prozesses: 0xa28
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3
Vollständiger Name des fehlerhaften Pakets: IAStorDataMgrSvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IAStorDataMgrSvc.exe5

Error: (06/29/2016 08:09:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IAStorDataMgrSvc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/29/2016 08:08:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x708
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5

Error: (06/28/2016 05:39:56 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2016-06-28  17:39:56+02:00  HZMOPC  HZMOPC\Heinz  F-Secure Anti-Virus
 Malicious code found in file C:\Windows\Temp\WAX2A47.tmp.
 Infection: Gen:Trojan.Heur.FU.UuZ@a4dC5Hh

Error: (06/28/2016 05:39:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x1d18
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5

Error: (06/28/2016 05:39:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: skydrive.exe, Version: 6.3.9600.17484, Zeitstempel: 0x545d76bd
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18233, Zeitstempel: 0x56bb4ebb
Ausnahmecode: 0xc000004b
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x1a78
Startzeit der fehlerhaften Anwendung: 0xskydrive.exe0
Pfad der fehlerhaften Anwendung: skydrive.exe1
Pfad des fehlerhaften Moduls: skydrive.exe2
Berichtskennung: skydrive.exe3
Vollständiger Name des fehlerhaften Pakets: skydrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: skydrive.exe5

Error: (06/28/2016 05:39:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 12.5.0.1066, Zeitstempel: 0x5147a50c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x048c4c0d
ID des fehlerhaften Prozesses: 0xa64
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3
Vollständiger Name des fehlerhaften Pakets: IAStorDataMgrSvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IAStorDataMgrSvc.exe5


Systemfehler:
=============
Error: (06/29/2016 08:09:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/29/2016 08:09:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/29/2016 08:08:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/28/2016 05:49:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro, Version 1511, 10586

Error: (06/28/2016 05:40:23 PM) (Source: DCOM) (EventID: 10010) (User: HZMOPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/28/2016 05:39:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/28/2016 05:39:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/28/2016 05:39:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/28/2016 05:34:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (06/28/2016 05:34:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2016-06-29 08:12:32.853
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 08:10:31.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 08:09:39.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 08:08:43.334
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-29 08:08:37.161
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 17:49:02.936
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2016-06-28 17:48:43.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 17:47:19.457
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 17:41:02.070
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 17:40:03.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 20%
Installierter physikalischer RAM: 16328.39 MB
Verfügbarer physikalischer RAM: 12957.86 MB
Summe virtueller Speicher: 18760.39 MB
Verfügbarer virtueller Speicher: 15422.36 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:232.78 GB) (Free:49.71 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATEN) (Fixed) (Total:1838.6 GB) (Free:749.12 GB) NTFS
Drive e: (INTENSO) (Fixed) (Total:1862.55 GB) (Free:1561.53 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 7683B724)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FCB5DEFE)
Partition 1: (Not Active) - (Size=24.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=1838.6 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 6D86302A)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0C)

==================== Ende von Addition.txt ============================

cosinus · 29.06.2016, 08:43

Zitat:

Beim Neustart am 29.06.2016, 0807 folgende Meldung erhalten:
Nachricht von F-Secure: "Bösartiger Code usw.

Ja, und?
Da zu soll ich was jetzt genau sagen ohne den genauen Fundort?

hzmo · 29.06.2016, 09:13

ne war nur als Info gedacht. Mache ich nie wieder

Gruss hzmo

cosinus · 29.06.2016, 09:23

Naja, wo was genau gefunden wurde wäre schonb schön als Info

hzmo · 04.07.2016, 06:49

Mitteilung: Ich bin ab dem 09.06. bis 23.06.2016 in den Ferien und habe in dieser Zeit keinen Zugriff auf meinen PC. Gruss hzmo

28.06.2016, 20:33	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se - Standard$ Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken __________________ Logfiles bitte immer in CODE-Tags posten

29.06.2016, 09:23	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se - Standard$ Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se Naja, wo was genau gefunden wurde wäre schonb schön als Info __________________ Logfiles bitte immer in CODE-Tags posten

Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se

Log-Analyse und Auswertung: Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se