Danke. Das war sehr verständlich. Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
durchgeführt von Claudia (Administrator) auf BRO (28-12-2015 14:07:01)
Gestartet von C:\Users\Claudia\Downloads
Geladene Profile: Claudia (Verfügbare Profile: Claudia)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Users\Claudia\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\ProgramData\dlprotect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\Claudia\Downloads\FRST64 (1).exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862448 2012-08-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-01-31] ()
HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-08-14] (Electronic Arts)
HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\Run: [AppSafe] => C:\Program Files (x86)\AppSafe\AppSafe.exe
HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\Run: [Amazon Music] => C:\Users\Claudia\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] ()
HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => Keine Datei
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => Keine Datei
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk [2015-12-28]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{90D77E91-6B8A-4DB9-A4A2-AEECDDEC36D9}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FAB4916E-D94D-4667-9229-B71FA3830175}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1402328749&from=cor&uid=ST500LM012XHN-M500MBB_S2RSJ9KD184972&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1402328749&from=cor&uid=ST500LM012XHN-M500MBB_S2RSJ9KD184972&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1402328749&from=cor&uid=ST500LM012XHN-M500MBB_S2RSJ9KD184972
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1402328749&from=cor&uid=ST500LM012XHN-M500MBB_S2RSJ9KD184972
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402328749&from=cor&uid=ST500LM012XHN-M500MBB_S2RSJ9KD184972&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402328749&from=cor&uid=ST500LM012XHN-M500MBB_S2RSJ9KD184972&q={searchTerms}
HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1402573128&from=wpm0612&uid=ST500LM012XHN-M500MBB_S2RSJ9KD184972&q={searchTerms}
HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1402328749&from=cor&uid=ST500LM012XHN-M500MBB_S2RSJ9KD184972
HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1402573128&from=wpm0612&uid=ST500LM012XHN-M500MBB_S2RSJ9KD184972&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_35_ie&cd=2XzuyEtN2Y1L1QzuyDtB0ByB0CtA0F0B0A0D0D0FtD0EtCyEtN0D0Tzu0SzyyCzytN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzy0E0D0A0CtAzytGyEzzzz0CtG0EzzyC0EtGtCtAtA0CtGtB0CyDzy0A0FtBtDtAtBtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0DyE0C0FtDzytG0E0CtDyDtGyE0F0CyDtG0B0FyDtCtGyE0B0BtDzz0CtCtB0ByE0EtA2Q&cr=427590204&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {BB8575D6-0877-4E59-AE6B-CC2063262D91} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_clickconnect_14_39_ie&cd=2XzuyEtN2Y1L1QzuyDtB0ByB0CtA0F0B0A0D0D0FtD0EtCyEtN0D0Tzu0StCtDtDtBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0AtC0DyE0CtBtDtG0DyD0B0EtGzyyB0F0AtG0A0DtBtDtGtAtDyBtC0CtBtCyB0C0EtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzyyC0E0EtDyDyCtG0DzytCyEtGyE0F0CyDtGzz0D0D0DtGyCtCyDtCtAyDyB0F0Bzy0ByB2Q&cr=757127400&ir=
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402328749&from=cor&uid=ST500LM012XHN-M500MBB_S2RSJ9KD184972&q={searchTerms}
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3492379164-3486580833-1077918532-1001 -> DefaultScope {BB8575D6-0877-4E59-AE6B-CC2063262D91} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3492379164-3486580833-1077918532-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4CCD52B7C3FBADDF&affID=125035&tsp=5033
SearchScopes: HKU\S-1-5-21-3492379164-3486580833-1077918532-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_35_ie&cd=2XzuyEtN2Y1L1QzuyDtB0ByB0CtA0F0B0A0D0D0FtD0EtCyEtN0D0Tzu0SzyyCzytN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzy0E0D0A0CtAzytGyEzzzz0CtG0EzzyC0EtGtCtAtA0CtGtB0CyDzy0A0FtBtDtAtBtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0DyE0C0FtDzytG0E0CtDyDtGyE0F0CyDtG0B0FyDtCtGyE0B0BtDzz0CtCtB0ByE0EtA2Q&cr=427590204&ir=
SearchScopes: HKU\S-1-5-21-3492379164-3486580833-1077918532-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1402573128&from=wpm0612&uid=ST500LM012XHN-M500MBB_S2RSJ9KD184972&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3492379164-3486580833-1077918532-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3492379164-3486580833-1077918532-1001 -> {BB8575D6-0877-4E59-AE6B-CC2063262D91} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\ggrvv9aj.default
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3492379164-3486580833-1077918532-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Claudia\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-18] (Citrix Online)
FF user.js: detected! => C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\ggrvv9aj.default\user.js [2014-03-14]
FF Extension: bettermarkit - C:\Program Files (x86)\bettermarkit\150.xpi [2014-03-14] [ist nicht signiert]
FF Extension: Download Protect - C:\WINDOWS\Installer\{A723393E-BDC6-417C-A8C1-6C446A3E78B6}\{761A8642-57F9-4085-B6F0-CCCF0014998F}.xpi [2014-06-29] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{761A8642-57F9-4085-B6F0-CCCF0014998F}] - C:\WINDOWS\Installer\{A723393E-BDC6-417C-A8C1-6C446A3E78B6}\{761A8642-57F9-4085-B6F0-CCCF0014998F}.xpi
FF HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\Firefox\Extensions: [{2828fb93-77f7-413f-a235-e897454636fa}] - C:\Program Files (x86)\bettermarkit\150.xpi
Chrome:
=======
CHR Profile: C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainbkicbloikcngphmjfpjdemblcojdd [2014-07-27]
CHR Extension: (Store) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-15]
CHR Extension: (Google Drive) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (YouTube) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-16]
CHR Extension: (Google-Suche) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Store) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jolegbmgefonkhpbjhlmocmmmhjaeijp [2014-06-30]
CHR Extension: (Store) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnkngdlkfogmplnfcbphiekcjgbnckb [2014-03-28]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Store) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-06-12] [UpdateUrl: hxxp://www.lightningnewtab.com/newtabv3/updates.xml] <==== ACHTUNG
CHR Extension: (Store) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-08-13]
CHR Extension: (Google Mail) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mpnkngdlkfogmplnfcbphiekcjgbnckb] - C:\Program Files (x86)\bettermarkit\150.crx [2014-03-14]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] () [Datei ist nicht signiert]
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (Condusiv Technologies)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [149160 2015-11-04] (Mozilla Foundation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-14] (Electronic Arts)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2956336 2013-05-15] (Samsung Electronics CO., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [Datei ist nicht signiert]
S2 Update ResultsAlpha; "C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (Condusiv Technologies)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2013-02-21] (Windows (R) 2003 DDK 3790 provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 ttnfd; system32\drivers\ttnfd.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-28 14:07 - 2015-12-28 14:07 - 00024253 _____ C:\Users\Claudia\Downloads\FRST.txt
2015-12-28 14:06 - 2015-12-28 14:07 - 00000000 ____D C:\FRST
2015-12-28 14:05 - 2015-12-28 14:05 - 02370560 _____ (Farbar) C:\Users\Claudia\Downloads\FRST64 (1).exe
2015-12-28 14:04 - 2015-12-28 14:05 - 02370560 _____ (Farbar) C:\Users\Claudia\Downloads\FRST64.exe
2015-12-28 14:03 - 2015-12-28 14:03 - 01721856 _____ (Farbar) C:\Users\Claudia\Downloads\FRST.exe
2015-12-28 13:59 - 2015-12-28 13:59 - 00000000 ___RD C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-12-16 17:04 - 2015-12-16 17:04 - 00059114 _____ C:\Users\Claudia\Downloads\Konto_6010179392-Auszug_2015_007.PDF
2015-12-15 18:40 - 2015-12-15 18:40 - 00000000 ___SH C:\DkHyperbootSync
2015-12-11 16:25 - 2015-12-11 16:25 - 00000962 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2015-12-11 16:25 - 2015-12-11 16:25 - 00000947 _____ C:\Users\Public\Desktop\dm-Fotowelt.lnk
2015-12-11 16:25 - 2015-12-11 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dm-Fotowelt
2015-12-11 16:19 - 2015-12-11 16:19 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\hps-install
2015-12-08 20:46 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 20:46 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 20:46 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 20:46 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 20:46 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 20:46 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 20:46 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 20:46 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 20:46 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 20:46 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-08 20:46 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 20:46 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-08 20:46 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 20:46 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 20:46 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 20:46 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-08 20:46 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-08 20:46 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-08 20:46 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-08 20:46 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-08 20:46 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-08 20:46 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-08 20:46 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-08 20:45 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 20:45 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 20:45 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-08 20:45 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-08 20:45 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 20:45 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-08 20:45 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 20:45 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-08 20:45 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 20:45 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 20:45 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-08 20:45 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 20:45 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-08 20:45 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-08 20:45 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-08 20:45 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-08 20:45 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-08 20:45 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-08 20:45 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-08 20:45 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-08 20:45 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-08 20:45 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 20:45 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 20:45 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 20:45 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 20:45 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-08 20:45 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-08 20:45 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-08 20:45 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-08 20:45 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-08 20:45 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-08 20:45 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-08 20:45 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-08 20:45 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 20:45 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-08 20:45 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-08 20:45 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-08 20:45 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-08 20:45 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-08 20:45 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-08 20:45 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-08 20:45 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-08 20:45 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-08 20:45 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-08 20:40 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 20:35 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-08 20:35 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 20:35 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-08 20:35 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-08 20:35 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-08 20:35 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-08 20:35 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 20:35 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-08 20:35 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-08 20:35 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 20:35 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 20:35 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 20:35 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 20:34 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 20:34 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-08 20:34 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-08 20:34 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-08 20:34 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 20:34 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-08 20:34 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 20:34 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 20:31 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-08 20:31 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-08 20:31 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-08 20:31 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-08 20:31 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-08 20:31 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-08 20:31 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-08 20:31 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-08 20:31 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-08 20:31 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-08 20:31 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-08 20:31 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-08 20:31 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-08 20:30 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 20:30 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-28 14:08 - 2014-01-31 16:43 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-28 14:06 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-28 14:04 - 2012-10-23 01:29 - 00000360 _____ C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2015-12-28 14:03 - 2013-06-25 22:30 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3492379164-3486580833-1077918532-1001
2015-12-28 14:02 - 2012-10-23 01:29 - 00000000 ____D C:\ProgramData\WinClon
2015-12-28 14:01 - 2014-03-14 07:04 - 00000402 _____ C:\WINDOWS\Tasks\bettermarkit Update.job
2015-12-28 14:00 - 2013-11-18 20:36 - 00000000 __RDO C:\Users\Claudia\SkyDrive
2015-12-28 13:58 - 2014-01-31 16:43 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 13:58 - 2013-09-21 18:40 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-28 11:46 - 2014-06-09 16:45 - 00000308 _____ C:\WINDOWS\Tasks\AppCloudUpdater.job
2015-12-28 11:30 - 2014-06-26 20:11 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-28 11:25 - 2015-06-18 14:19 - 00000582 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3492379164-3486580833-1077918532-1001.job
2015-12-28 10:54 - 2013-10-21 17:28 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C3D59626-3FB9-4921-B023-2A0F54846A30}
2015-12-27 14:43 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-27 14:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-27 14:43 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-27 14:18 - 2015-09-18 17:37 - 00000678 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3492379164-3486580833-1077918532-1001.job
2015-12-21 18:53 - 2015-09-18 17:37 - 00003672 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3492379164-3486580833-1077918532-1001
2015-12-21 18:53 - 2015-06-18 14:19 - 00003576 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3492379164-3486580833-1077918532-1001
2015-12-16 08:28 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-15 18:39 - 2015-09-07 17:58 - 00000000 ____D C:\Users\Claudia\Documents\Praktikum 3
2015-12-14 22:16 - 2013-12-06 16:37 - 00000000 ____D C:\ProgramData\tmp
2015-12-14 18:22 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-14 18:22 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-14 18:22 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-14 18:22 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-12 18:19 - 2015-05-25 09:40 - 00000000 ___RD C:\Users\Claudia\OneDrive
2015-12-12 18:19 - 2014-09-28 19:47 - 00003090 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3492379164-3486580833-1077918532-1001
2015-12-12 18:09 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-12 18:09 - 2013-08-22 15:44 - 00486936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-12 18:07 - 2015-11-19 20:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-12 18:06 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-09 04:39 - 2013-10-26 15:40 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 22:08 - 2013-08-02 09:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 22:02 - 2013-06-26 10:29 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 20:30 - 2014-06-26 20:11 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-01 18:19 - 2015-03-14 13:41 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2015-03-14 13:41 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-06-25 22:20 - 2013-07-14 19:22 - 0004745 _____ () C:\Users\Claudia\AppData\Roaming\AbsoluteReminder.xml
2014-09-28 19:27 - 2014-09-28 19:27 - 0000045 _____ () C:\Users\Claudia\AppData\Roaming\WB.CFG
2013-11-04 19:40 - 2014-12-05 07:47 - 0005120 _____ () C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-18 20:45 - 2013-11-18 20:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-01-31 16:42 - 2014-01-31 16:42 - 0012800 _____ () C:\ProgramData\dlprotect.exe
2013-06-26 09:30 - 2013-02-21 15:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-06-26 09:30 - 2013-01-12 22:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\dlprotect.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-12-18 20:29
==================== Ende von FRST.txt ============================ Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-12-2015
durchgeführt von Claudia (2015-12-28 14:08:56)
Gestartet von C:\Users\Claudia\Downloads
Windows 8.1 (X64) (2013-10-20 21:15:27)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3492379164-3486580833-1077918532-500 - Administrator - Disabled)
Claudia (S-1-5-21-3492379164-3486580833-1077918532-1001 - Administrator - Enabled) => C:\Users\Claudia
Gast (S-1-5-21-3492379164-3486580833-1077918532-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3492379164-3486580833-1077918532-1005 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player Packages (HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\Adobe Flash Player Packages) (Version: - ) <==== ACHTUNG
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{C81A2726-7169-75AF-62C4-250BBB638924}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Anna - Extended Edition (HKLM-x32\...\Steam App 217690) (Version: - Dreampainters)
AppCloudUpdater (HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\AppCloudUpdater) (Version: - AppCloudUpdater) <==== ACHTUNG
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
bettermarkit (HKLM-x32\...\a207c8e9-8b5d-4b7f-9763-8986c6ca8939) (Version: - bettermarkitnet Soft) <==== ACHTUNG
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare PS/2-X64 11.7.2.1_WHQL (HKLM\...\Elantech) (Version: 11.7.2.1 - ELAN Microelectronic Corp.)
Extended Update (HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\UpdaterEX) (Version: - ) <==== ACHTUNG
FormatFactory 3.5.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.5.0.0 - Format Factory)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GoToMeeting 7.8.0.4151 (HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\GoToMeeting) (Version: 7.8.0.4151 - CitrixOnline)
Harry Potter und die Heiligtümer des Todes(TM) - Teil 2 (HKLM-x32\...\{F0C9E8E9-C54B-48C1-9192-F5D49633AB5D}) (Version: 1.0.0.0 - Electronic Arts)
Help Desk (HKLM\...\{18BB06D9-8518-48E5-88F7-5AE1DF02546B}) (Version: 1.0.6 - Samsung Electronics CO., LTD.)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
Plus-HD-3.8 (HKLM-x32\...\Plus-HD-3.8) (Version: 1.34.2.13 - Plus HD) <==== ACHTUNG
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)
ResultsAlpha (HKLM\...\ResultsAlpha) (Version: 2014.03.14.013617 - ResultsAlpha) <==== ACHTUNG
S Agent (Version: 1.1.41 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie zur Verbesserung von HP Officejet 6700 Produkten (HKLM\...\{4EE2A4CB-47B0-4412-808C-D556E3940598}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Support Center (HKLM\...\{73280CF7-9471-4FB6-B018-E5FD7A09F1AF}) (Version: 2.0.13 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.5 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{411B07C7-9307-4AA7-932E-CB506E4CF3A3}) (Version: 2.1.15 - Samsung Electronics CO., LTD.)
TubeBox (HKLM-x32\...\{7a0bc01c-1d8a-4ec9-a3e2-da0d7ac5b1de}) (Version: 4.5.0.0 - Freetec)
TubeBox (x32 Version: 4.5.0.0 - Freetec) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
User Guide (HKLM-x32\...\{426BC106-F501-4D57-B908-4E550BD197F0}) (Version: 1.3.00 - Samsung Electronics CO., LTD.)
VIS (HKLM-x32\...\VIS) (Version: - ) <==== ACHTUNG
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wildlife Park 2 (HKLM-x32\...\{151FFC5F-ADE2-4CC3-AB0B-D9F8EB3FBF7A}) (Version: 1.25 - Deep Silver)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker Packages (HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\...\Windows Movie Maker Packages) (Version: - ) <==== ACHTUNG
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3492379164-3486580833-1077918532-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Claudia\AppData\Local\Citrix\GoToMeeting\3499\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {07F7D437-3261-4942-851D-0F24544A24EB} - System32\Tasks\{F6FD28D2-2960-4384-AFB8-D6DC1065CDBB} => pcalua.exe -a C:\Users\Claudia\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {0BC722B4-F96A-41DF-A1F5-1ABE1D0124D5} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {1C15D38D-01A2-4517-9E2E-A396A604622B} - System32\Tasks\{F6FA14FC-E4B6-42CE-B088-520439DACEF1} => pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {21E4F08F-232B-4AE5-A941-181580E808AF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {2E095969-025A-498B-B4EE-143261CEA7C4} - System32\Tasks\G2MUploadTask-S-1-5-21-3492379164-3486580833-1077918532-1001 => C:\Users\Claudia\AppData\Local\Citrix\GoToMeeting\4151\g2mupload.exe [2015-12-21] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3342EDFE-1BA7-4211-909C-FD50F11FCC69} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-05-08] (Samsung Electronics CO., LTD.)
Task: {3DAD3B33-E7C1-41E5-BD36-4A9156460B58} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {3F0DE5B7-69C9-41F7-99FE-9EF273A9A87F} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {440D75DD-9090-41B9-9E61-70099D7247B4} - System32\Tasks\HP AR Program Upload - 0308b3dcf0264a4bbbcc27aaccc031e8d3c6265b02544225aed8e71cfc5a89b0 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {449FA761-1F4D-4825-AEB0-E9634F3280CE} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {5218FE77-FB66-430B-BE26-CCA6C60C161C} - System32\Tasks\ScanToPCActivationApp.exe_{A7D3B9B5-897C-428C-9AA4-6C89C755AFDB} => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6AC47ABA-33FA-4F5A-9694-C115C3A0A34B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6EBC775B-4121-4C53-83BC-FCA2C4248EC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {756C7194-E8BA-4608-BF3B-3D796D0E535E} - System32\Tasks\HP AR Program Upload - 3bbb7dac9ccf47fcb72b9a50326fdccf61ffe225bcb94b09994bb763765d34d3 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {7C008DA4-210F-4D70-9E35-04CE8B52F9F3} - System32\Tasks\HP AR Program Upload - 1f0f4f121dce439ba5a09697ca6fe6c8b3e18ae7392b45bca8a8b8cd20504996 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {831E8A90-BEDC-4A9D-B0E3-EBAEBFA29D6E} - System32\Tasks\G2MUpdateTask-S-1-5-21-3492379164-3486580833-1077918532-1001 => C:\Users\Claudia\AppData\Local\Citrix\GoToMeeting\4151\g2mupdate.exe [2015-12-21] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {880EEFB3-A955-404D-A9C8-015A375C16D9} - System32\Tasks\HP AR Program Upload - cd8a7025d0a942a2aa686ce60f04f7d59ad86e38d28c4ed19a6600c9d3ab5432 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {8A5EEB5D-D8D8-4408-84E3-ABBA30756804} - System32\Tasks\bettermarkit Update => C:\Program Files (x86)\bettermarkit\markitup.exe [2014-03-14] () <==== ACHTUNG
Task: {8BD2416F-C0E8-4DFC-AAEB-842E68DD1B10} - System32\Tasks\HP AR Program Upload - 36a94d5a191f4a9c94fbdb36ecd0fe7b13c2278fe45d48d699f5fa5325984772 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {9289ABF0-0FA2-4AEE-BDF3-647A5D4D315F} - System32\Tasks\AppCloudUpdater => C:\Users\Claudia\AppData\Roaming\AppCloudUpdater\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ACHTUNG
Task: {94F978BF-5881-4DFF-AAC1-60A799AA60B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {9D83200B-CB9D-4D37-9606-F6D2C82EF282} - System32\Tasks\AppSafe => C:\Program Files (x86)\AppSafe\AppSafe.exe <==== ACHTUNG
Task: {9DC2B761-EE4A-4AF6-B285-FCB9FD706D09} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3492379164-3486580833-1077918532-1001 => C:\Users\Claudia\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-12] (Microsoft Corporation)
Task: {B36CC9BA-C1CB-473B-A661-FCB2EBCC6DE0} - \CreateChoiceProcessTask -> Keine Datei <==== ACHTUNG
Task: {BCD860F0-2168-450E-9587-8D717404D6C3} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {BDB17082-EC4B-4908-8D93-874BC7FDCB6D} - System32\Tasks\{68B19980-B0DF-4AEB-88B4-1FE51ECB7D59} => pcalua.exe -a "C:\Users\Claudia\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z\Windows Movie Maker Packages\uninstaller.exe" -c /Uninstall /NM="Windows Movie Maker Packages" /AN="0C1I1L1R1J0C1F1G1G1P1R2Z" /MBN="Windows Movie Maker Packages"
Task: {BE8D7DB9-4400-4F85-B40F-4CE5F01AD424} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppCloudUpdater.job => C:\Users\Claudia\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ACHTUNG
Task: C:\WINDOWS\Tasks\AppSafe.job => C:\Program Files (x86)\AppSafe\AppSafe.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\bettermarkit Update.job => C:\Program Files (x86)\bettermarkit\markitup.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3492379164-3486580833-1077918532-1001.job => C:\Users\Claudia\AppData\Local\Citrix\GoToMeeting\4151\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3492379164-3486580833-1077918532-1001.job => C:\Users\Claudia\AppData\Local\Citrix\GoToMeeting\4151\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Claudia\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-12-06 16:06 - 2013-12-06 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-08-10 10:28 - 2012-08-10 10:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 10:23 - 2012-08-10 10:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2014-12-31 15:24 - 2015-07-21 06:02 - 05887808 _____ () C:\Users\Claudia\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-05-08 17:47 - 2013-05-08 17:47 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-01-31 16:42 - 2014-01-31 16:42 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-10-14 16:08 - 2012-10-14 16:08 - 04237944 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-09-05 08:50 - 2012-09-05 08:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-09-21 18:42 - 2015-10-05 17:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-23 16:17 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-06-09 16:53 - 2015-10-14 21:56 - 02423376 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-23 16:17 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-23 16:17 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-09-09 18:31 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-09 18:31 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-09 18:31 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-09 18:31 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-09 18:31 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-10-10 21:30 - 2015-10-14 21:56 - 00705104 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-10-23 01:36 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-30 11:13 - 2014-06-29 17:08 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll
2014-06-11 21:11 - 2014-06-05 14:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-11 21:11 - 2014-06-05 14:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-11 21:12 - 2014-06-05 14:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 21:12 - 2014-06-05 14:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 21:11 - 2014-06-05 14:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-02-21 16:45 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3492379164-3486580833-1077918532-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img13.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{30154217-BA22-4DAC-9625-D30D2D80DCBC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Anna\Anna.exe
FirewallRules: [{93E7F371-3789-441D-8A2D-A5063B1EBEB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Anna\Anna.exe
FirewallRules: [{C7D6B12F-19E8-48B7-8431-D7931E835A99}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA6BEF07-9BD5-44A1-B879-D1FDBB97E7C9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{52719B42-8966-4281-A7E6-84EB04793658}] => (Allow) C:\Windows\System32\dldwcoms.exe
FirewallRules: [{631041D4-ED46-436A-9E01-A2566A7B68D0}] => (Allow) C:\Windows\System32\dldwcoms.exe
FirewallRules: [{646A267A-810C-4675-831A-B02EDD858EC1}] => (Allow) C:\Users\Claudia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9934293E-EFF2-419A-8D57-11CD01F54BB0}] => (Allow) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
FirewallRules: [{E6EA065E-09DD-417C-BD6D-5A44A4B0E36B}] => (Allow) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
FirewallRules: [{981D925B-5084-4340-9FEB-199396C11BAD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DE20D9FA-D330-48CC-8784-AC12F07464C1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F3D64F34-A4E3-4771-BB10-985E596AD018}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS0D90\HPDiagnosticCoreUI.exe
FirewallRules: [{4164AF0D-6BEF-4622-BFA1-D2099A71EF89}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS0D90\HPDiagnosticCoreUI.exe
FirewallRules: [{19115DCE-6434-4008-9737-6EFEDCC0EDD8}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{BFA8F17D-AA1B-40C0-9D54-A924618041F2}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{19468BFC-8048-413A-BA3B-825892EED2CC}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{2F03498F-D79E-461F-AFE5-B09F3AE25352}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{77C00289-363D-4A3D-8A7F-1D6DB0AB5271}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{649F140D-3AEF-4E2C-99A5-2C7E7C6D0202}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3B7FB167-8CEE-4DFC-89BD-D37048BA1993}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS08FC\HPDiagnosticCoreUI.exe
FirewallRules: [{2A7F5034-782D-462B-80C3-9FDB88AF7ED8}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS08FC\HPDiagnosticCoreUI.exe
FirewallRules: [{F9309E00-D6DA-441F-8850-44328EBA0DED}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS2D5E\HPDiagnosticCoreUI.exe
FirewallRules: [{C7AA54D9-6F34-4C20-8918-E8C81E8210A7}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS2D5E\HPDiagnosticCoreUI.exe
FirewallRules: [{E90834CE-DEEA-40EF-BB34-E9EF58C27910}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS7444\HPDiagnosticCoreUI.exe
FirewallRules: [{6B50D8CE-5EF3-49A5-A7DF-457058422AE8}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS7444\HPDiagnosticCoreUI.exe
FirewallRules: [{11698514-2BF8-4EE7-8DE4-2057391A70DB}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS74CD\HPDiagnosticCoreUI.exe
FirewallRules: [{40FE44D3-BC90-452B-85DD-3A32E0A76C7A}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS74CD\HPDiagnosticCoreUI.exe
FirewallRules: [{AA2859D1-7038-4532-AC24-27CC3A9C7891}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS443A\HPDiagnosticCoreUI.exe
FirewallRules: [{E9A6B88C-DFBE-4D9A-B0E6-077307849DB5}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS443A\HPDiagnosticCoreUI.exe
FirewallRules: [{7E23C654-4B7E-442C-A3CD-B3F62658B927}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{85C96D55-D4F0-4055-AF0D-FEA6F4DFF8CF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0C44BE24-558B-4FC3-ADB1-DF026B3E5F5E}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS19A2\HPDiagnosticCoreUI.exe
FirewallRules: [{7A5F422A-E695-4700-AABC-320048068F7D}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS19A2\HPDiagnosticCoreUI.exe
FirewallRules: [{4A9E1EF6-E4C7-41BF-B79C-B0962F32C169}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS1A3C\HPDiagnosticCoreUI.exe
FirewallRules: [{F668E720-CD0F-4242-8AE7-3B42E5053F1F}] => (Allow) C:\Users\Claudia\AppData\Local\Temp\7zS1A3C\HPDiagnosticCoreUI.exe
FirewallRules: [{84C90573-550C-4220-BDDB-E77656AD9015}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7BEC31CD-568E-4B7E-9ABE-E84C132D9032}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00C507F9-BFF4-4FCD-B13B-1188E88D9C54}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{23C6C979-5A15-41B3-9DDA-F27F8B296CD9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9FE7696C-3E03-498E-8453-8C530862975B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F18E7EAB-B28F-4A12-853C-2776FC18F1F6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2125BB1E-9E49-4242-B1E8-90803ED83A30}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1A3861AD-74B3-4FA1-9AAC-D1E58A1A0D38}] => (Allow) LPort=2869
FirewallRules: [{31F83040-1A2E-4E76-A8CC-DD6678D67FFB}] => (Allow) LPort=1900
FirewallRules: [{E7BD066D-92EF-4364-B9C0-F0D170083886}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{778B0AC8-D5B6-48C8-A588-D9592671D0A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{916C68B3-50D7-4874-8A28-CD395126AE61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F4EBA57F-814D-459E-A490-7A9FDD0C07DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6C328FD2-4E16-4CE6-9A39-2BF900BA622C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Wiederherstellungspunkte =========================
08-12-2015 21:53:56 Windows Update
18-12-2015 20:29:15 Windows Update
27-12-2015 14:38:33 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/28/2015 11:52:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14922
Error: (12/28/2015 11:52:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14922
Error: (12/28/2015 11:52:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/27/2015 05:58:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11391
Error: (12/27/2015 05:58:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11391
Error: (12/27/2015 05:58:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/25/2015 04:57:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8969
Error: (12/25/2015 04:57:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8969
Error: (12/25/2015 04:57:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/25/2015 04:57:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7328
Systemfehler:
=============
Error: (12/12/2015 06:09:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update ResultsAlpha" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/12/2015 06:09:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IePlugin Services" wurde aufgrund folgenden Fehlers nicht gestartet:
%%5
Error: (12/12/2015 06:09:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error: (12/12/2015 06:09:20 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
Error: (12/12/2015 05:57:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024001e fehlgeschlagen: Definitionsupdate für Windows Defender – KB2267602 (Definition 1.211.2548.0)
Error: (12/08/2015 08:37:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "IntelliMemory" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/19/2015 09:07:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update ResultsAlpha" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/19/2015 09:07:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IePlugin Services" wurde aufgrund folgenden Fehlers nicht gestartet:
%%5
Error: (11/19/2015 09:06:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error: (11/19/2015 09:06:52 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
CodeIntegrity:
===================================
Date: 2015-12-28 14:05:39.604
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-28 14:05:38.749
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-14 21:50:15.792
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-19 21:18:29.729
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-04 23:01:37.272
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-04 21:04:05.572
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-04 21:04:05.037
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-20 19:03:08.779
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-20 19:03:07.905
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-01 18:56:17.003
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: AMD A6-4455M APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 7640.35 MB
Verfügbarer physikalischer RAM: 5587.03 MB
Summe virtueller Speicher: 12488.36 MB
Verfügbarer virtueller Speicher: 10265.3 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:440.91 GB) (Free:306.79 GB) NTFS
==================== MBR & Partitionstabelle ==================
==================== Ende von Addition.txt ============================ |