Hello again,
I hope the first log files reached you - I wanted to post everything in one go, but by the time I had copied the new file, the previously pasted text was already gone. So here is MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 01.06.2016
Suchlaufzeit: 23:04
Protokolldatei: mbam.txt
Administrator: Ja
Version: 2.2.1.1043
Malware-Datenbank: v2016.06.01.07
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: gmichali
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 399448
Abgelaufene Zeit: 45 Min., 36 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswerte: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Dateien: 1
PUP.Optional.Conduit, C:\Prefs.js, , [9b30f2058c0d9d995584b2ca24e029d7],
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end)
Next comes the ESET log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=200d7ab31d51244c9937b8499f5b05bd
# end=init
# utc_time=2016-06-01 10:00:56
# local_time=2016-06-02 12:00:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29663
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=200d7ab31d51244c9937b8499f5b05bd
# end=updated
# utc_time=2016-06-01 10:07:29
# local_time=2016-06-02 12:07:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=200d7ab31d51244c9937b8499f5b05bd
# engine=29663
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-06-02 10:14:52
# local_time=2016-06-02 12:14:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 99 45168 30422313 0 0
# compatibility_mode_1='*McAfee*'
# compatibility_mode=5131 16777214 100 97 26762465 67373996 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 26583979 28336504 0 0
# scanned=574212
# found=18
# cleaned=0
# scan_time=43642
sh=6F8290D2EFD55B3E6980FAE26BA616FE4A196692 ft=1 fh=6c631d57497f063b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3193164286-583676693-3289013894-1001\$R4X8ASB.exe"
sh=FC13CFD5784A7B7EB2E21B35536AEBC42AC858A7 ft=1 fh=30f3b06e57136945 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\AppData\Local\Temp\DMR\dmr_72.exe"
sh=1A4C62C3704EC6D44FC6FD5F1B404BDB514FDB31 ft=1 fh=fb77dbb6efdbba65 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\Ashampoo Burning Studio 2016 - CHIP-Installer.exe"
sh=DAF32F30F119A49526AFF590249A920A549CC0E3 ft=1 fh=9f5f40b90ed287dd vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\CHIP Guide Heimnetz und NAS - CHIP-Installer.exe"
sh=2D67E0EE4D42109A6D5DE52DE7D547BC61071DCD ft=1 fh=275b7ddcb07a4c54 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\Glary Utilities Pro - CHIP-Installer.exe"
sh=2860D234FA45FA8C4F413D5D826589C6F6280324 ft=1 fh=894d54595dcc6427 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\HDR projects 2 Win Mac - CHIP-Installer.exe"
sh=D02F784971E619FFBD2C8C0F27496540C4856F91 ft=1 fh=d0dbdcf8a81296a8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\Hinter dem Spiegel 2 - CHIP-Installer.exe"
sh=E8CE0193B17D3C7F24FC6B0611E1632F9F863A72 ft=1 fh=108ca2cff3ff3bab vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\IObit Uninstaller - CHIP-Installer.exe"
sh=097181A4938A7C4BA1156D898E3B8EABF8B5DCB3 ft=1 fh=549bfb4793e9f0c3 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\OnlineTV 11 - CHIP-Installer.exe"
sh=9329BF1A02C37A8EDF3C84FA0BC37D8C03C3AF66 ft=1 fh=0fefed748c0e5390 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\Paragon Drive Copy 2015 Kompakt - CHIP-Installer.exe"
sh=148BC745CB91B9DFDD09FF955DCE01CA6DC10F5A ft=1 fh=cce6864c1bf4fbda vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\PDFCreator_v2.2.2(1).exe"
sh=148BC745CB91B9DFDD09FF955DCE01CA6DC10F5A ft=1 fh=cce6864c1bf4fbda vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\PDFCreator_v2.2.2.exe"
sh=ED40F7C4BFFDC0A1E823B607D3C278E77D673088 ft=1 fh=5e3a3a3063045e7b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\Steganos Privacy Suite 16 - CHIP-Installer.exe"
sh=3A7E83E078DA048BFEC2EE5C104DBE249B049DF8 ft=1 fh=3b137066f898662a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\UltraEdit - CHIP-Installer.exe"
sh=579845C7967EB30F4F55658426CB3DC4E23DF1ED ft=1 fh=256dcb2af658a6fe vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\Vollversion Google Earth Pro - CHIP-Installer.exe"
sh=EF77F07BFB6EE018F70F33154FC37E09AC0FBB11 ft=1 fh=f9e9286c9211a967 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\WebSite X5 Compact 11 - CHIP-Installer.exe"
sh=8B748430A158D8623766904227427AAD92D60E48 ft=1 fh=0efe84f17a146adc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\gmichali\Downloads\Wise Care 365 Pro - CHIP-Installer.exe"
sh=E44E6F3626CF698E642A56062DBE63EEBB12B8D2 ft=1 fh=37f4854510caa11a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\gmichali\AppData\Local\Temp\DMR\dmr_72.exe"
Finally, the log files from FRST:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
durchgeführt von gmichali (Administrator) auf RANTEL (02-06-2016 13:03:54)
Gestartet von C:\Users\gmichali\Desktop
Geladene Profile: gmichali & (Verfügbare Profile: gmichali & Mini & Gast)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSPanel.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSService.exe
konnte nicht auf den Prozess zugreifen -> HxTsr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
konnte nicht auf den Prozess zugreifen -> explorer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\123 Free Solitaire\123FreeSolitaire.exe
konnte nicht auf den Prozess zugreifen -> RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
konnte nicht auf den Prozess zugreifen -> RemindersServer.exe
konnte nicht auf den Prozess zugreifen -> RemindersServer.exe
konnte nicht auf den Prozess zugreifen -> RemindersServer.exe
konnte nicht auf den Prozess zugreifen -> RemindersServer.exe
konnte nicht auf den Prozess zugreifen -> RemindersServer.exe
konnte nicht auf den Prozess zugreifen -> RemindersServer.exe
konnte nicht auf den Prozess zugreifen -> WiseTurbo.exe
konnte nicht auf den Prozess zugreifen -> WiseTurbo.exe
konnte nicht auf den Prozess zugreifen -> RemindersServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-05-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [110144 2013-03-06] (CyberLink)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-04-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649664 2014-01-15] (CyberLink Corp.)
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\Run: [BingSvc] => C:\Users\gmichali\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-29] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50377336 2015-12-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\gmichali\appdata\local\microsoft\onedrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649664 2014-01-15] (CyberLink Corp.)
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\gmichali\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-29] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50377336 2015-12-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\gmichali\appdata\local\microsoft\onedrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649664 2014-01-15] (CyberLink Corp.)
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [BingSvc] => C:\Users\gmichali\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-29] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50377336 2015-12-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\gmichali\appdata\local\microsoft\onedrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3193164286-583676693-3289013894-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [Uninstall C:\Users\Mini.rantel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mini.rantel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Mini.rantel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mini.rantel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-3193164286-583676693-3289013894-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-3193164286-583676693-3289013894-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-09-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{10665a42-518b-4022-86a8-1077b8b493af}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3193164286-583676693-3289013894-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3193164286-583676693-3289013894-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3193164286-583676693-3289013894-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3193164286-583676693-3289013894-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3193164286-583676693-3289013894-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3193164286-583676693-3289013894-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3193164286-583676693-3289013894-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3193164286-583676693-3289013894-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24] (pdfforge GmbH)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-05-04] (pdfforge GmbH)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24] (pdfforge GmbH)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-05-04] (pdfforge GmbH)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\gmichali\AppData\Roaming\Mozilla\Firefox\Profiles\y0c5i5zg.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://google.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: PDF Architect 4 -> C:\Program Files\PDF Architect 4\np-previewer.dll [2016-05-04] (pdfforge GmbH)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3193164286-583676693-3289013894-1001: SkypePlugin -> C:\Users\gmichali\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3193164286-583676693-3289013894-1001: SkypePlugin64 -> C:\Users\gmichali\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: SkypePlugin -> C:\Users\gmichali\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: SkypePlugin64 -> C:\Users\gmichali\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: SkypePlugin -> C:\Users\gmichali\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: SkypePlugin64 -> C:\Users\gmichali\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF SearchPlugin: C:\Users\gmichali\AppData\Roaming\Mozilla\Firefox\Profiles\y0c5i5zg.default\searchplugins\bing-.xml [2015-12-29]
FF Extension: Avira Browser Safety - C:\Users\gmichali\AppData\Roaming\Mozilla\Firefox\Profiles\y0c5i5zg.default\Extensions\abs@avira.com [2016-05-12]
FF Extension: Bing Search - C:\Users\gmichali\AppData\Roaming\Mozilla\Firefox\Profiles\y0c5i5zg.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-12-29]
FF Extension: Cliqz - C:\Users\gmichali\AppData\Roaming\Mozilla\Firefox\Profiles\y0c5i5zg.default\Extensions\cliqz@cliqz.com.xpi [2016-04-20]
FF Extension: Ghostery - C:\Users\gmichali\AppData\Roaming\Mozilla\Firefox\Profiles\y0c5i5zg.default\Extensions\firefox@ghostery.com.xpi [2016-05-05]
FF Extension: Google search link fix - C:\Users\gmichali\AppData\Roaming\Mozilla\Firefox\Profiles\y0c5i5zg.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2015-12-23]
FF Extension: Google™ Translator Lite - C:\Users\gmichali\AppData\Roaming\Mozilla\Firefox\Profiles\y0c5i5zg.default\Extensions\jid1-f3mYMbCpz2AZYl@jetpack.xpi [2016-03-14]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: PDF Architect 4 Creator - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-05-31] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-07-20] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-07-19] [ist nicht signiert]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-05-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-05-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-05-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-05-18] (Avira Operations GmbH & Co. KG)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [Datei ist nicht signiert]
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [280008 2016-04-25] (Avira Operations GmbH & Co. KG)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [143872 2014-10-24] (Microsoft Corporation) [Datei ist nicht signiert]
U2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2016-04-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
S3 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S4 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-04-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-05-14] (McAfee, Inc.)
S4 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-04-08] (McAfee, Inc.)
U3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438368 2016-05-04] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-05-04] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-05-04] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [122368 2015-02-26] (Microsoft Corporation) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580144 2015-08-06] (WiseCleaner.com)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-05-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-05-18] (Avira Operations GmbH & Co. KG)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-04-08] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-28] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [402888 2015-04-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [338272 2015-04-08] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-04-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-04-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864200 2015-04-08] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335944 2015-04-08] (McAfee, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [14800 2015-12-23] (wisecleaner.com)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-02 13:02 - 2016-06-02 13:02 - 00000000 ____D C:\Users\gmichali\Desktop\FRST-OlderVersion
2016-06-02 12:10 - 2016-06-02 12:10 - 00016148 _____ C:\WINDOWS\system32\RANTEL_gmichali_HistoryPrediction.bin
2016-06-02 00:00 - 2016-06-02 13:03 - 00000000 ____D C:\Program Files (x86)\ESET
2016-06-01 23:58 - 2016-06-01 23:58 - 02870984 _____ (ESET) C:\Users\gmichali\Downloads\esetsmartinstaller_deu(1).exe
2016-06-01 23:57 - 2016-06-01 23:59 - 02870984 _____ (ESET) C:\Users\gmichali\Desktop\esetsmartinstaller_deu.exe
2016-06-01 23:51 - 2016-06-01 23:51 - 00001226 _____ C:\mbam.txt
2016-06-01 22:59 - 2016-06-02 11:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-01 22:59 - 2016-06-01 22:59 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-01 22:59 - 2016-06-01 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-01 22:59 - 2016-06-01 22:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-01 22:59 - 2016-06-01 22:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-01 22:59 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-01 22:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-01 22:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-01 22:56 - 2016-06-01 22:57 - 22851472 _____ (Malwarebytes ) C:\Users\gmichali\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-01 22:40 - 2016-06-01 22:47 - 00000000 ____D C:\AdwCleaner
2016-06-01 22:39 - 2016-06-01 22:40 - 03677248 _____ C:\Users\gmichali\Desktop\AdwCleaner_5.119.exe
2016-06-01 17:36 - 2016-06-01 17:37 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-01 10:29 - 2016-06-01 14:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-06-01 08:58 - 2016-06-01 09:00 - 00043215 _____ C:\Users\gmichali\Desktop\Addition.txt
2016-06-01 08:55 - 2016-06-02 13:05 - 00036865 _____ C:\Users\gmichali\Desktop\FRST.txt
2016-06-01 08:54 - 2016-06-02 13:03 - 00000000 ____D C:\FRST
2016-06-01 08:52 - 2016-06-02 13:02 - 02383872 _____ (Farbar) C:\Users\gmichali\Desktop\FRST64.exe
2016-05-30 16:19 - 2016-05-30 16:19 - 00284368 _____ C:\WINDOWS\Minidump\053016-58156-01.dmp
2016-05-30 16:19 - 2016-05-30 16:19 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-30 16:18 - 2016-05-30 16:18 - 720448952 _____ C:\WINDOWS\MEMORY.DMP
2016-05-29 10:21 - 2016-05-29 10:21 - 00000000 ____D C:\Users\gmichali\Documents\PDF Architect
2016-05-29 00:09 - 2016-05-29 00:09 - 00000000 ___HD C:\OneDriveTemp
2016-05-29 00:08 - 2016-05-29 00:08 - 00016148 _____ C:\WINDOWS\system32\RANTEL_Mini_HistoryPrediction.bin
2016-05-28 23:52 - 2016-05-28 23:52 - 00000000 ____D C:\Users\Mini.rantel\AppData\Roaming\Macromedia
2016-05-28 23:04 - 2016-05-28 23:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\Aufgaben der Ereignisanzeige
2016-05-28 21:23 - 2016-04-22 09:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-05-28 19:04 - 2016-05-28 19:05 - 08808696 _____ (SparkTrust) C:\Users\gmichali\Downloads\SparkTrust PC Cleaner Plus Setup_9FF22AC2-8C39-4DDB-9BF7-87C2F1FF3794_.exe
2016-05-28 19:02 - 2016-05-28 19:02 - 08808696 _____ (SparkTrust) C:\Users\gmichali\Downloads\SparkTrust PC Cleaner Plus Setup_9A279CBB-B4C8-4F38-A017-5607858EBE4B_.exe
2016-05-28 19:01 - 2016-05-28 19:01 - 08808696 _____ (SparkTrust) C:\Users\gmichali\Downloads\SparkTrust PC Cleaner Plus Setup_6392927F-DADA-43BC-A246-6E2A6258C313_.exe
2016-05-28 19:01 - 2016-05-28 19:01 - 08808696 _____ (SparkTrust) C:\Users\gmichali\Downloads\SparkTrust PC Cleaner Plus Setup_542FEE73-1C0A-4432-9307-B8C8590A9C8D_.exe
2016-05-28 16:25 - 2016-05-28 16:25 - 00093127 _____ C:\Users\gmichali\Documents\Kreissparkasse Göppingen (61050000) - Umsämaitze.pdf
2016-05-28 15:46 - 2016-05-28 15:46 - 00080311 _____ C:\Users\gmichali\Downloads\Konto_3257757-Auszug_2016_002.PDF
2016-05-28 11:30 - 2016-05-28 11:30 - 00001272 _____ C:\Users\Public\Desktop\abramania mahjongg freeware.lnk
2016-05-28 11:30 - 2016-05-28 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\abramania mahjongg freeware
2016-05-28 08:19 - 2016-05-28 08:19 - 00233080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-25 20:11 - 2016-05-25 20:11 - 00003206 _____ C:\WINDOWS\System32\Tasks\{B7261829-2B4F-4474-A717-3FC92536B9A7}
2016-05-25 20:07 - 2016-05-25 20:07 - 00003206 _____ C:\WINDOWS\System32\Tasks\{BB9D45F6-21D5-4DF1-909E-3EA1383BC4E9}
2016-05-25 06:11 - 2016-05-25 06:11 - 00013182 _____ C:\Users\gmichali\Documents\ausgaben.ods
2016-05-20 04:41 - 2016-05-31 12:24 - 00003262 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForgmichali
2016-05-20 04:41 - 2016-05-31 12:24 - 00000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForgmichali.job
2016-05-06 15:21 - 2016-05-28 08:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-02 13:01 - 2015-07-18 19:05 - 00000000 ____D C:\Users\gmichali\AppData\Roaming\Skype
2016-06-02 12:52 - 2015-07-23 21:55 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-02 12:14 - 2016-04-12 18:54 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-06-02 12:14 - 2015-07-18 19:19 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-06-02 12:11 - 2015-11-11 21:51 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-02 07:36 - 2015-07-18 19:20 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DFE5D58D-CB06-453E-98D2-AFF66790EA57}
2016-06-01 23:11 - 2015-11-11 21:51 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-01 22:58 - 2015-07-18 19:01 - 00000000 ____D C:\Users\gmichali\AppData\Roaming\WebStorage
2016-06-01 22:56 - 2015-12-23 23:16 - 00002129 _____ C:\Users\Public\Desktop\Wise Care 365.lnk
2016-06-01 22:55 - 2016-04-29 13:35 - 00000081 _____ C:\Users\gmichali\AppData\Roaming\sp_data.sys
2016-06-01 22:54 - 2015-07-31 00:55 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-06-01 22:53 - 2015-07-19 11:54 - 00000000 ___RD C:\Users\gmichali\OneDrive
2016-06-01 22:52 - 2015-12-23 23:17 - 00000000 ____D C:\Users\gmichali\AppData\Roaming\Wise Care 365
2016-06-01 22:52 - 2015-07-18 18:54 - 00000000 __SHD C:\Users\gmichali\IntelGraphicsProfiles
2016-06-01 22:50 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-01 22:48 - 2015-12-14 23:47 - 00000000 ____D C:\searchplugins
2016-06-01 22:48 - 2015-12-14 23:46 - 00000000 ____D C:\Users\gmichali\AppData\Roaming\Lavasoft
2016-06-01 22:48 - 2015-12-14 23:46 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-06-01 22:47 - 2015-12-14 23:45 - 00000000 ____D C:\ProgramData\Lavasoft
2016-06-01 18:25 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-01 18:23 - 2015-07-18 18:55 - 00000000 ____D C:\Users\gmichali\AppData\Local\Packages
2016-06-01 17:45 - 2015-07-30 20:15 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-01 17:28 - 2015-07-18 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-31 02:13 - 2015-07-30 19:37 - 00000000 ____D C:\Users\gmichali
2016-05-31 02:06 - 2015-07-30 19:37 - 00000000 ____D C:\Users\Mini.rantel
2016-05-31 02:06 - 2015-07-30 19:37 - 00000000 ____D C:\Users\Gast
2016-05-31 02:05 - 2015-12-14 23:47 - 00000000 ____D C:\Users\gmichali\AppData\Local\Lavasoft
2016-05-31 02:05 - 2015-09-17 19:19 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-05-31 02:05 - 2015-07-18 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-31 02:05 - 2014-10-29 08:25 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-31 01:59 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-31 01:41 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\registration
2016-05-31 01:41 - 2015-07-10 11:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-05-31 01:40 - 2015-12-17 12:12 - 00000000 ____D C:\Program Files\PDF Architect 4
2016-05-30 09:21 - 2015-09-09 03:23 - 00001213 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-05-29 10:26 - 2015-12-17 12:12 - 00000000 ____D C:\Program Files (x86)\PDF Architect 4
2016-05-29 07:15 - 2015-07-18 19:16 - 00000000 ____D C:\Users\gmichali\AppData\Roaming\WildTangent
2016-05-29 07:15 - 2014-10-29 08:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-29 07:15 - 2014-10-29 08:26 - 00000000 ____D C:\ProgramData\WildTangent
2016-05-28 23:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-28 23:39 - 2015-08-02 20:07 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6FCEFA5-DD25-4B1E-BD9E-078BAEBBB842}
2016-05-28 23:39 - 2015-07-20 15:38 - 00000000 ____D C:\Users\Mini.rantel\AppData\Roaming\awsRun
2016-05-28 23:38 - 2015-07-20 15:31 - 00000000 ____D C:\Users\Mini.rantel\AppData\Local\Packages
2016-05-28 23:32 - 2015-07-20 15:34 - 00000081 _____ C:\Users\Mini.rantel\AppData\Roaming\sp_data.sys
2016-05-28 23:31 - 2015-07-19 02:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-28 22:25 - 2015-07-10 11:05 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-05-28 14:25 - 2015-07-28 10:36 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire.lnk
2016-05-28 14:25 - 2015-07-28 10:36 - 00001104 _____ C:\Users\Public\Desktop\123 Free Solitaire.lnk
2016-05-28 14:25 - 2015-07-28 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire
2016-05-28 14:25 - 2015-07-28 10:36 - 00000000 ____D C:\Program Files (x86)\123 Free Solitaire
2016-05-28 12:01 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-27 08:06 - 2015-12-14 23:26 - 00000000 ____D C:\Users\gmichali\.gimp-2.8
2016-05-27 08:01 - 2015-07-19 22:19 - 00000000 ____D C:\Users\Mini\Bilder
2016-05-25 20:11 - 2014-10-29 08:25 - 00000000 ____D C:\ProgramData\Skype
2016-05-24 19:47 - 2015-07-30 20:05 - 04666070 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-24 19:47 - 2015-07-30 19:49 - 00797936 _____ C:\WINDOWS\system32\perfh010.dat
2016-05-24 19:47 - 2015-07-30 19:49 - 00150156 _____ C:\WINDOWS\system32\perfc010.dat
2016-05-24 19:47 - 2015-07-30 19:21 - 00805136 _____ C:\WINDOWS\system32\perfh013.dat
2016-05-24 19:47 - 2015-07-30 19:21 - 00158012 _____ C:\WINDOWS\system32\perfc013.dat
2016-05-24 19:47 - 2015-07-30 19:07 - 00810064 _____ C:\WINDOWS\system32\perfh00C.dat
2016-05-24 19:47 - 2015-07-30 19:07 - 00153784 _____ C:\WINDOWS\system32\perfc00C.dat
2016-05-24 19:47 - 2015-07-10 18:34 - 00772342 _____ C:\WINDOWS\system32\perfh007.dat
2016-05-24 19:47 - 2015-07-10 18:34 - 00154170 _____ C:\WINDOWS\system32\perfc007.dat
2016-05-24 19:47 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2016-05-24 19:45 - 2015-07-20 12:43 - 00000984 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2016-05-24 19:44 - 2015-07-20 12:43 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2016-05-18 15:38 - 2015-07-18 22:53 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-05-18 15:38 - 2015-07-18 22:53 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-05-14 09:48 - 2015-07-31 01:03 - 00002432 _____ C:\Users\gmichali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-13 09:52 - 2015-12-29 00:52 - 05995712 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-05-10 23:06 - 2015-11-11 21:51 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 23:06 - 2015-11-11 21:51 - 00003958 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-05-28 19:06 - 2016-05-30 18:28 - 0000053 _____ () C:\Users\gmichali\AppData\Roaming\LogFile.txt
2016-04-29 13:35 - 2016-06-01 22:55 - 0000081 _____ () C:\Users\gmichali\AppData\Roaming\sp_data.sys
2016-04-10 08:36 - 2016-04-10 08:36 - 0007741 _____ () C:\Users\gmichali\AppData\Local\recently-used.xbel
2015-07-30 19:31 - 2015-07-30 19:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-21 14:29 - 2015-11-15 15:51 - 0002166 _____ () C:\ProgramData\hpzinstall.log
2014-10-29 08:25 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-29 08:25 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-29 08:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-07-19 10:59 - 2015-07-19 11:02 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2015-07-19 10:59 - 2015-07-19 10:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Einige Dateien in TEMP:
====================
C:\Users\gmichali\AppData\Local\Temp\avgnt.exe
C:\Users\gmichali\AppData\Local\Temp\libeay32.dll
C:\Users\gmichali\AppData\Local\Temp\msvcr120.dll
C:\Users\gmichali\AppData\Local\Temp\SkypeSetup.exe
C:\Users\gmichali\AppData\Local\Temp\sqlite3.dll
C:\Users\Mini.rantel\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-07-30 19:18
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-06-2016
durchgeführt von gmichali (2016-06-02 13:06:46)
Gestartet von C:\Users\gmichali\Desktop
Windows 10 Home (X64) (2015-07-30 22:43:39)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3193164286-583676693-3289013894-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3193164286-583676693-3289013894-503 - Limited - Disabled)
Gast (S-1-5-21-3193164286-583676693-3289013894-501 - Limited - Disabled) => C:\Users\Gast
gmichali (S-1-5-21-3193164286-583676693-3289013894-1001 - Administrator - Enabled) => C:\Users\gmichali
HomeGroupUser$ (S-1-5-21-3193164286-583676693-3289013894-1003 - Limited - Enabled)
Mini (S-1-5-21-3193164286-583676693-3289013894-1006 - Limited - Enabled) => C:\Users\Mini.rantel
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
123 Free Solitaire v10.0 (HKLM-x32\...\123 Free Solitaire_is1) (Version: - TreeCardGames)
4500_G510nz_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Application Verifier x64 External Package (Version: 8.100.26936 - Microsoft) Hidden
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{bfb60b68-92b8-481b-b416-7e05b4ea01c9}) (Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0.0.8517 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Find Me Google (HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\findmegoogle-6ce2e7f73f18dce3622639ec9e5d39ef) (Version: - Trishul, Adit, Tushar, Lavish)
Find Me Google (HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\findmegoogle-6ce2e7f73f18dce3622639ec9e5d39ef) (Version: - Trishul, Adit, Tushar, Lavish)
Find Me Google (HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\findmegoogle-6ce2e7f73f18dce3622639ec9e5d39ef) (Version: - Trishul, Adit, Tushar, Lavish)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Guitar Explorer 1.0 (HKLM-x32\...\Guitar Explorer 1.0) (Version: - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510n-z 14.0 Rel. 6 (HKLM\...\{6B9B2E57-D988-4258-8A2C-6F3657A600BD}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (x32 Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{D1D37853-0004-3E36-A7AA-74F4EEA35F64}) (Version: 4.5.50930 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x64 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla)
MSI Development Tools (x32 Version: 8.100.26898 - Microsoft Corporation) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.1.4.27684 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.1.4.27684 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.1.4.27684 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SDK Debuggers (x32 Version: 8.100.26936 - Microsoft Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Web Plugin (HKLM-x32\...\{75BBD24C-C19A-4885-B8FD-EB15009277D3}) (Version: 7.5.0.123 - Skype Technologies S.A.)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
TomTom MyDrive Connect 4.1.0.2658 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.0.2658 - TomTom)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Web Companion (HKLM-x32\...\{2b2f4c1a-9d86-4e07-acf0-39286350db54}) (Version: 2.1.1265.2535 - Lavasoft)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (ATP) Mouse (07/02/2014 1.0.0.228) (HKLM\...\7504488B89E0121B0737D63957491C9CD2633065) (Version: 07/02/2014 1.0.0.228 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{ed3a6e6d-9661-4357-abe4-fcc03dc57a07}) (Version: 8.100.26936 - Microsoft Corporation)
Windows-Treiberpaket - ASUS (ATP) Mouse (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WPT Redistributables (x32 Version: 8.100.26936 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26936 - Microsoft) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3193164286-583676693-3289013894-1001_Classes\CLSID\{59CA9673-A08B-489C-8932-1C3E0CF244D8}\localserver32 -> C:\Users\gmichali\AppData\Local\SkypePlugin\7.5.0.123\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3193164286-583676693-3289013894-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3193164286-583676693-3289013894-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3193164286-583676693-3289013894-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3193164286-583676693-3289013894-1001_Classes\CLSID\{B982932A-124D-489C-A7B3-8BCD1FDB8DD3}\InprocServer32 -> C:\Users\gmichali\AppData\Local\SkypePlugin\7.5.0.123\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3193164286-583676693-3289013894-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\gmichali\AppData\Local\SkypePlugin\7.5.0.123\EdgeCalling.exe (Skype Technologies S.A.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {00DC036E-CD3D-46E1-884E-A3395E8A181D} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-24] (Realtek Semiconductor)
Task: {037A475A-13FF-4C11-A813-9A511302AE7F} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {0898048F-E203-417F-9F3C-9C62E5413699} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-11] (Microsoft Corporation)
Task: {0A426854-09ED-4783-8E3C-0DC78432B78C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {0CF907DA-EC93-42A8-BF44-434517F0010D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {11D17448-EDB9-42F5-A496-6E0FBF07F412} - System32\Tasks\{9059D087-0745-40AE-B9DF-5E6894F5AE03} => Firefox.exe hxxp://ui.skype.com/ui/0/7.21.0.100/de/go/help.faq.installer?LastError=1603
Task: {21B3B480-9B0A-4946-ACB2-BF5052B8B069} - System32\Tasks\{1D452584-DCA4-40A7-8AFF-2333DC12955D} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.109/de/go/help.faq.installer?LastError=1603
Task: {3398E10B-EF1A-4472-A39B-61E6820809F7} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {36E27157-D0DB-4D2D-A708-3BCE4417161E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)
Task: {3A4DF253-3913-4D3B-9B90-17A5710E7117} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {4D6E79EF-A6E1-4E14-939F-9145FD86CA60} - System32\Tasks\{0BB07732-6962-43B5-B18F-450F9B20264D} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.109/de/go/help.faq.installer?LastError=1603
Task: {50BCE37C-B42B-4A7D-88EA-2A958617A94F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {527D66C9-46E7-4515-953B-573CE84173D8} - System32\Tasks\{BB9D45F6-21D5-4DF1-909E-3EA1383BC4E9} => Firefox.exe hxxp://ui.skype.com/ui/0/7.23.0.105/de/go/help.faq.installer?LastError=1603
Task: {5EB7E209-684F-4993-9298-F3AB5F1ED7D8} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {6F1D8891-54C4-43B0-8753-BB7BAC65B6BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-11] (Google Inc.)
Task: {75AA1F05-4B4D-48D4-9C81-A1B99EDDBA16} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {7C1AEFEF-EC9A-49C7-86D8-D852EE81EB59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {7C733BAE-5242-4230-AC6A-1743EDE30556} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-11] (Google Inc.)
Task: {7CDA5C3B-D4C2-4580-865C-23D676FBFA73} - System32\Tasks\{B7261829-2B4F-4474-A717-3FC92536B9A7} => Firefox.exe hxxp://ui.skype.com/ui/0/7.23.0.105/de/go/help.faq.installer?LastError=1603
Task: {7EE49928-2839-4DB6-9220-AD6BAB73A17B} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {8232A8B9-F7CB-4B90-BC78-D38D5E342E66} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPW10UpgradeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPW10UpgradeReminder.exe [2015-08-11] (Hewlett-Packard)
Task: {8E370904-37E0-4841-9960-3BDF74E9C0C9} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {8F9BD9BF-5B77-4E0B-ADF7-C89E36E7C77E} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {A67FCF25-F64F-468B-95F9-A11C8B5AA543} - System32\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2015-08-06] (WiseCleaner.COM)
Task: {A699EB6C-27D1-4552-BE35-069AC4BA4807} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {B0D70631-18BE-481A-B70A-5008DB7B4B57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {B16F7583-06FE-4769-B2D2-05356FB2887F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {B48D83D0-A2DF-45D3-BE73-DAB4C27BD6FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {B7B17A6F-914E-4187-859C-414DFBF8EAE2} - System32\Tasks\{9139A92C-56F1-45C0-8AB3-07AF109FEA80} => Firefox.exe hxxp://ui.skype.com/ui/0/7.22.0.109/de/go/help.faq.installer?LastError=1603
Task: {B7E22544-C3B7-4E7A-A322-A4415C07A5B6} - System32\Tasks\{E90240C2-89A8-4075-B36B-5E53CF4A242C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.112/de/go/help.faq.installer?LastError=1603
Task: {C450863F-F4DA-4049-9C77-FEA7929AA4C6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {C4A6FF2A-5E36-4838-80F8-B3224755468E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {C55A5661-3C33-4853-8892-C8E2F2111A8E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {C617B153-6362-4123-B4C3-CA288C6865DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {C69E3975-6C3A-452C-9E51-36CFFBF5D5BD} - System32\Tasks\{A32321BC-F5B1-4D15-B0CC-4E10435AF546} => Firefox.exe hxxp://ui.skype.com/ui/0/7.21.0.100/de/go/help.faq.installer?LastError=1603
Task: {C7ADB7E5-6104-4DD9-88C0-613D15D34098} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {CE46B477-CAF3-4B7D-BD2A-382FDE298906} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {D10F95FA-D9AB-4CC9-BD86-8C8B958E5EA2} - System32\Tasks\HPCeeScheduleForgmichali => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D48B12D4-A428-42A2-B4F6-8BEBC9B6989E} - System32\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2015-08-18] (WiseCleaner.com)
Task: {DABDAC64-DB6F-499D-AD67-C882E777B748} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {DB123570-BB77-4292-B407-0124612E9B97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {DD9E123C-7D01-416D-A79E-0A4DFD7C449E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {E1DC28DE-BA7A-4C3E-A6BF-CD2F59234476} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {F0236381-C6DA-44CA-9DE9-BF0A705609A6} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {FBF194DF-D5E4-40DC-9C55-2A7A73B1D8AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForgmichali.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\WebReg HP Officejet 4500 G510n-z.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-07-10 13:00 - 2015-07-10 13:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-07-30 20:08 - 2015-07-30 20:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 00:26 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-11-11 09:04 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-24 09:33 - 2015-12-24 09:33 - 01382696 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSService.exe
2016-05-14 09:48 - 2016-05-14 09:48 - 00959168 _____ () C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-11-11 09:04 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-28 10:36 - 2013-07-30 10:00 - 09549576 _____ () C:\Program Files (x86)\123 Free Solitaire\123FreeSolitaire.exe
2014-04-02 16:46 - 2014-04-02 16:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 16:46 - 2014-04-02 16:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 16:46 - 2014-04-02 16:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 16:46 - 2014-04-02 16:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2012-07-04 18:14 - 2012-07-04 18:14 - 01875056 _____ () C:\Program Files (x86)\CyberLink\Power2Go\Language\DEU\P2GRC.dll
2013-11-13 13:51 - 2013-11-13 13:51 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go\UNO.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00144680 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLVistaAudioMixer.dll
2016-05-14 09:48 - 2016-05-14 09:48 - 00679624 _____ () C:\Users\gmichali\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-12-05 11:21 - 2015-12-05 11:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2013-03-06 16:37 - 2013-03-06 16:37 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-07-28 10:36 - 2013-07-30 10:00 - 08692488 _____ () C:\Program Files (x86)\123 Free Solitaire\SOL.RGF
2015-07-28 10:36 - 2013-07-30 10:00 - 00489224 _____ () C:\Program Files (x86)\123 Free Solitaire\SOL2.RGF
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\localhost -> localhost
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mini\Bilder\Borkum\DSC01829.JPG
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Mini\Bilder\Borkum\DSC01829.JPG
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Mini\Bilder\Borkum\DSC01829.JPG
HKU\S-1-5-21-3193164286-583676693-3289013894-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
HKU\S-1-5-21-3193164286-583676693-3289013894-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
HKU\S-1-5-21-3193164286-583676693-3289013894-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
HKU\S-1-5-21-3193164286-583676693-3289013894-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "MyDriveConnect.exe"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "MyDriveConnect.exe"
HKU\S-1-5-21-3193164286-583676693-3289013894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "BingSvc"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{6B2F2609-DAAD-4176-9645-383B75CF4F2B}C:\users\gmichali\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe] => (Allow) C:\users\gmichali\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe
FirewallRules: [TCP Query User{283CBFA7-3893-4D9F-8959-51B4C43379BD}C:\users\gmichali\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe] => (Allow) C:\users\gmichali\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe
FirewallRules: [{CDBE5ADF-175D-49A5-A7E9-5344903812A2}] => (Allow) LPort=1900
FirewallRules: [{A4D94AC6-D68E-4389-8836-68E43B976A2B}] => (Allow) LPort=2869
FirewallRules: [{ED7B683C-C41B-4701-A091-7133AD2C5CDB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B7D196C4-C4F3-4794-9F96-4EFFD25943D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2069C68-A51A-4168-BE76-2E7CE7EEC4ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0B50460F-AB35-4E1F-9A26-F71151C064A6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D48F6F7F-BD46-41F0-BD6B-37F58504FF32}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8566958C-CE0D-468D-8DD2-19DD7B263A55}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{5DC266B3-4A95-412E-9CAA-AA7417652436}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{5A3520A4-7AD8-4B82-B8B2-4B15D3CDBC68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{E5F72C35-8458-4F35-AFBF-3FE6528D26DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C7A021D7-9074-40AB-B929-161F194FBD86}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{A89400F0-74D5-4377-B0A0-3A6263DE3EEE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{6F366C1B-A182-49AB-9F72-7996460F7941}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{2EAEDF9C-3727-4936-B570-531AF476E1C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{01D75586-8D1A-4491-ADF4-8C4D00F8BA1F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9157AF3B-13B5-4003-A47A-816A012637A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{854DBE10-70D5-4744-A985-B0171040ABD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{0A0C9A36-499A-44B9-BEB8-7E9BB5EEABAC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{7F072B6B-821E-47CF-9E46-D22AC60AE051}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{DCA8D434-71F6-4BE5-9D46-ECCEBCCAE70E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{89A8D4C4-7449-46C5-812E-A05A53220481}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{06D1B835-8186-4A02-92F5-4692BD82899C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{20F35B43-63C1-4BEB-AFE0-AB01FB210E9C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{8D7846BA-104A-4D9B-8AE8-86F197864B25}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EBB16863-35E3-43DC-B083-6C957D2F3190}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{3B030776-6B5B-4C0F-9A74-82DF1F311A14}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B4BF5E5-2561-44A5-A243-3780388DAEE9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC2F8347-4068-4A3E-8166-79535E136621}] => (Allow) C:\Program Files (x86)\concept design\onlineTV 11\onlineTV.exe
FirewallRules: [{A3695110-E944-4C56-9A44-B320246CAAF5}] => (Allow) C:\Program Files (x86)\concept design\onlineTV 11\onlineTV.exe
==================== Wiederherstellungspunkte =========================
28-05-2016 11:51:34 Windows Modules Installer
29-05-2016 10:15:23 Installed PDF Architect 4 View Module
29-05-2016 10:22:25 Installed PDF Architect 4 Create Module
29-05-2016 10:26:40 Installed PDF Architect 4 Edit Module
30-05-2016 18:24:15 SparkTrust PC Cleaner Plus-Wiederherstellungspunkt
30-05-2016 18:36:52 Wiederherstellungsvorgang
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (06/02/2016 01:05:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RANTEL)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/02/2016 01:05:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RANTEL)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/02/2016 12:55:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RANTEL)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/02/2016 12:55:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RANTEL)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/02/2016 12:55:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RANTEL)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/02/2016 12:55:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RANTEL)
Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/02/2016 12:55:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RANTEL)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/02/2016 12:55:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RANTEL)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/02/2016 12:55:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RANTEL)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/02/2016 12:55:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RANTEL)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Systemfehler:
=============
Error: (06/02/2016 01:05:18 PM) (Source: DCOM) (EventID: 10010) (User: RANTEL)
Description: CortanaUI.AppX66vvx0wsdb34y1dm8b872ypnaj4fqty0.mca
Error: (06/02/2016 01:05:14 PM) (Source: DCOM) (EventID: 10010) (User: RANTEL)
Description: CortanaUI.AppXjxtspbn4351hrtx8tc95e89kaz3h2f1f.mca
Error: (06/02/2016 12:55:44 PM) (Source: DCOM) (EventID: 10010) (User: RANTEL)
Description: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider
Error: (06/02/2016 12:55:44 PM) (Source: DCOM) (EventID: 10010) (User: RANTEL)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca
Error: (06/02/2016 12:55:44 PM) (Source: DCOM) (EventID: 10010) (User: RANTEL)
Description: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider
Error: (06/02/2016 12:55:44 PM) (Source: DCOM) (EventID: 10010) (User: RANTEL)
Description: App.AppX65azfy60a5wn91mcvdd3dr2y0wj02n39.mca
Error: (06/02/2016 12:55:44 PM) (Source: DCOM) (EventID: 10010) (User: RANTEL)
Description: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider
Error: (06/02/2016 12:55:44 PM) (Source: DCOM) (EventID: 10010) (User: RANTEL)
Description: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider
Error: (06/02/2016 12:55:43 PM) (Source: DCOM) (EventID: 10010) (User: RANTEL)
Description: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider
Error: (06/02/2016 12:55:43 PM) (Source: DCOM) (EventID: 10001) (User: RANTEL)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppX8z5q44mt1b9k6x2nkjj0bkr2e1ac0dxy.mcaNicht verfügbarNicht verfügbar
CodeIntegrity:
===================================
Date: 2016-05-30 16:44:52.546
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-05-28 21:02:33.809
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-28 21:02:31.934
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Prozentuale Nutzung des RAM: 68%
Installierter physikalischer RAM: 3982.54 MB
Verfügbarer physikalischer RAM: 1236.41 MB
Summe virtueller Speicher: 5646.54 MB
Verfügbarer virtueller Speicher: 2291.43 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:287.68 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Data) (Fixed) (Total:542.8 GB) (Free:542 GB) NTFS
==================== MBR & Partitionstabelle ==================
==================== Ende von Addition.txt ============================
These are all the log files.
Which virus scanner is recommended instead of Avira?
Next I'll test the Start button function again.
Thanks so far, Gabi