Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Zip Datei entpakt, welche ein Javaskript enthält! Und nun?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.02.2016, 15:14   #1
SvenFeuer
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Hallo
gestern hab ich wohl e weng Bockmist gebaut! Normalerweise öffne ich keine Mail-Anhänge, wo ich den Absender nicht kenne! Nur, den Absender der Mail von gestern abend habe ich gekannt!
Leider haben wir zu spät gemerkt, das die Email-Adresse nicht zu diesem Namen passte!
Ich habe keine Ahnung, wieso und weshalb! Jedenfalls war es wohl ein Javaskript oder so. Da ich die entpakte Datei schon einmal da hatte , haben wir sie mal mit einem Schreibprogramm geöffnet.Java1neu.pdf
Das ist die Erste Seite. Für mich schaut das aus, wie wenn sich das Programm meine Tasteneingaben merken soll!? Ich hab es dann halt mal gelöscht.
Wie kann ich jetzt raus finden, ob noch irgend was aktiv ist? Mein Avira Antivirus Pro war mit allen Funktionen immer an, eine Meldung kam aber nicht.
Dann hab ich den adwcleaner durch laufen lassen. Hier der Log:
# AdwCleaner v5.033 - Bericht erstellt am 07/02/2016 um 19:39:30
# Aktualisiert am 07/02/2016 von Xplode
# Datenbank : 2016-02-07.1 [Server]
# Betriebssystem : Windows 10 Home (x64)
# Benutzername : Sven - PCSASV
# Gestartet von : C:\Users\Sven\Downloads\adwcleaner_5.033.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

Dienst Gefunden : APNMCP

***** [ Ordner ] *****

Ordner Gefunden : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gefunden : C:\Program Files (x86)\FreeRIP
Ordner Gefunden : C:\ProgramData\apn
Ordner Gefunden : C:\ProgramData\AskPartnerNetwork
Ordner Gefunden : C:\Users\Sven\AppData\Local\AskPartnerNetwork
Ordner Gefunden : C:\Users\Sven\AppData\Local\Temp\apn
Ordner Gefunden : C:\Users\Sven\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Sven\AppData\Roaming\RHEng

***** [ Dateien ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Datei Gefunden : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\kw99fd1p.default\searchplugins\conduit-search.xml
Datei Gefunden : C:\WINDOWS\SysNative\roboot64.exe

***** [ DLL ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-4300-7A786E7484D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BD125908-5F10-409F-9C01-F2207CA18887}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-4300-7A786E7484D7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-4300-7A786E7484D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-4300-7A786E7484D7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gefunden : HKCU\Software\AskPartnerNetwork
Schlüssel Gefunden : HKCU\Software\Conduit_Search_Protect
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gefunden : HKU\.DEFAULT\Software\AskPartnerNetwork
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Daten Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M10898A40-D01F-47B7-A6A3-AA5780555B42&SearchSource=55&CUI=&UM=5&UP=SPA9054BCA-38E3-4321-B073-A54BFBD156ED&SSPV=
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTBMon]

***** [ Internetbrowser ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7912 Bytes] ##########

Dann hab ich Spybot hinterher gejagt:
Search results from Spybot - Search & Destroy

07.02.2016 21:20:13
Scan took 00:27:02.
97 items found.

DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\OCS\lastPID

DownloadSponsor: [SBI $980DE8E4] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\OCS\PID

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\admin.brightcove.com\analytics.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\c.paypal.com\PayPalLSO.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\cdn.deltatv.co\com.jeroenwijering.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\chatango.com\fixed_id.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\chatango.com\mini_login.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\de-ipd.cdn.videoplaza.tv\com.videoplaza.adplayer.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\de-ipd.cdn.videoplaza.tv\com.videoplaza.bootloader.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\de-ipd.cdn.videoplaza.tv\se.videoplaza.kit.adplayer.adplayer.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\gadcreatives.mode.com\movad.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\live.gtcaster.com\com.jeroenwijering.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\members.bet365.com\FCE.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\mpsnare.iesnare.com\stm.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\p.jwpcdn.com\com.longtailvideo.jwplayer.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\static-cdn1.ustream.tv\flash.viewer.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www.aadvertismentt.com\com.jeroenwijering.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www.bet365.com\b365lipcs.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www.bet365.com\b365push.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www.bet365.com\bet365faves.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www.bet365.com\betslip365.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www.bet365.com\htrGgjy810GbjgGzynqGa1uwjkjwjshjx.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www.bet365.com\htrGgjy810GbjgGzynqGgjyhfqquwjkjwjshjx.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www.bet365.com\htrGgjy810GhjsyjwutirtizqjGifyfGhjsyjwutihttpnj.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www.paypalobjects.com\PayPalLSO.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www.paypalobjects.com\ppLsoTest.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www1.belboon.de\000013279.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www1.belboon.de\000016724.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www.jsctool.com\d.swf\d.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\www.perfektdamen.com\#kernelteam\preferences.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\cdn.livestream.com\swf\LSPlayer.swf\LSPlayer.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Sven\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7W6HHUNC\cdn2.dashbida.com\prod\vpaid2-dbfp.swf\dbStore.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


FastClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


FastClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


WebTrends live: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)


7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\7-ZIP\FM\FolderHistory

7-Zip: [SBI $3D5692BD] Last used folder (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\7-ZIP\FM\PanelPath0

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Microsoft Management Console\Recent File List

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (40) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (159) (Browser: Cache, nothing done)


Verlauf: [SBI $49804B54] Browser: History (108) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (3747) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---

2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2014-06-24 SDCleaner.exe (2.4.40.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-06-24 SDImmunize.exe (2.4.40.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2014-06-24 SDScan.exe (2.4.40.181)
2014-06-24 SDScript.exe (2.4.40.54)
2014-06-24 SDSettings.exe (2.4.40.139)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2015-03-25 spybotsd2-install-av-update.exe (2.4.40.0)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2015-03-25 spybotsd2-translation-hrx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2015-07-28 spybotsd2-windows-upgrade-installer.exe (1.4.0.0)
2016-02-07 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2015-03-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2014-06-24 SDScanLibrary.dll (2.4.40.131)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2015-04-22 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2016-02-03 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2015-07-29 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2015-12-23 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2015-11-19 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2016-02-03 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2016-01-20 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2015-12-02 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2015-08-12 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2016-02-03 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2016-02-03 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

Was die 2 Programme gefunden haben, hab ich gelöscht. Kann ich sonst noch irgend was machen?

Mein Avira Antivirus läuft gerade auch durch.

Ach ja, Betriebsprogramm ist Windows 10...

Vielen Dank für eure Hilfe.

Sven

Alt 08.02.2016, 17:58   #2
M-K-D-B
/// TB-Ausbilder
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:



Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________


Alt 08.02.2016, 18:39   #3
SvenFeuer
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Hallo und schon mal danke für die Hilfe!
Und los gehts:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
durchgeführt von Sven (Administrator) auf PCSASV (08-02-2016 18:23:11)
Gestartet von C:\Users\Sven\Downloads
Geladene Profile: Sven (Verfügbare Profile: Sven)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5395704 2014-11-24] (Avira)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1c8f6359-ea3a-4a45-89e9-c1bec74245c9}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei
Toolbar: HKLM-x32 - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\kw99fd1p.default
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-23] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3896469874-4053130608-2395046965-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [Datei ist nicht signiert]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [Datei ist nicht signiert]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2016-01-18] (Realsil Semiconductor Corporation)
U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [58536 2012-08-29] (Advanced Micro Devices)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-08 18:23 - 2016-02-08 18:23 - 00017038 _____ C:\Users\Sven\Downloads\FRST.txt
2016-02-08 18:22 - 2016-02-08 18:23 - 00000000 ____D C:\FRST
2016-02-08 18:21 - 2016-02-08 18:22 - 02370560 _____ (Farbar) C:\Users\Sven\Downloads\FRST64.exe
2016-02-08 18:18 - 2016-02-08 18:18 - 00000000 ___HD C:\OneDriveTemp
2016-02-08 17:42 - 2016-02-08 17:42 - 00001993 _____ C:\Malwarebyte scan.txt
2016-02-08 17:29 - 2016-02-08 18:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-08 17:28 - 2016-02-08 17:28 - 00001182 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-02-08 17:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-08 17:28 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-08 17:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-08 17:27 - 2016-02-08 17:27 - 01466656 _____ C:\Users\Sven\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2016-02-07 21:23 - 2016-02-07 21:24 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033(1).exe
2016-02-07 20:08 - 2016-02-07 20:08 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-07 20:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-02-07 20:07 - 2016-02-07 21:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-07 20:07 - 2016-02-07 20:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-07 20:07 - 2016-02-07 20:07 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-07 20:07 - 2016-02-07 20:07 - 00001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-02-07 20:07 - 2016-02-07 20:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-02-07 20:07 - 2016-02-07 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-07 20:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-02-07 20:05 - 2016-02-07 20:06 - 01466656 _____ C:\Users\Sven\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2016-02-07 19:52 - 2016-02-07 19:53 - 00246532 _____ C:\WINDOWS\Minidump\020716-31531-01.dmp
2016-02-07 19:52 - 2016-02-07 19:52 - 976396273 _____ C:\WINDOWS\MEMORY.DMP
2016-02-07 19:52 - 2016-02-07 19:52 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-07 19:39 - 2016-02-07 21:26 - 00000000 ____D C:\AdwCleaner
2016-02-07 19:38 - 2016-02-07 19:39 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033.exe
2016-02-07 18:56 - 2016-02-07 18:57 - 00464924 _____ C:\Users\Sven\Downloads\JavaRa.def
2016-02-07 18:56 - 2016-02-07 18:56 - 00002250 _____ C:\Users\Sven\Desktop\JavaRa - CHIP Downloader.lnk
2016-02-07 18:54 - 2016-02-07 18:54 - 00184620 _____ C:\Users\Sven\Downloads\JavaRa-2.6.1.zip
2016-02-07 18:53 - 2016-02-07 18:53 - 01466656 _____ C:\Users\Sven\Downloads\JavaRa - CHIP-Installer.exe
2016-02-04 17:46 - 2015-09-22 09:46 - 00072286 _____ C:\Users\Sven\Downloads\WT_2015_Bewertungsbogen.pdf
2016-02-04 17:46 - 2015-06-24 11:48 - 03664019 _____ C:\Users\Sven\Downloads\WT_2015_Folien.pdf
2016-02-04 17:45 - 2015-09-22 09:30 - 00179339 _____ C:\Users\Sven\Downloads\WT 2015_Termine.pdf
2016-02-04 17:45 - 2015-09-22 09:23 - 00177113 _____ C:\Users\Sven\Downloads\WT 2015_Anschreiben Jugendwarte.pdf
2016-02-04 17:45 - 2015-06-24 11:46 - 01306973 _____ C:\Users\Sven\Downloads\WT_2015_Beihefter.pdf
2016-01-28 20:29 - 2016-01-28 20:29 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-01-28 20:27 - 2016-01-16 07:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 20:27 - 2016-01-16 07:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 20:27 - 2016-01-16 07:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 20:27 - 2016-01-16 07:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 20:27 - 2016-01-16 07:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-28 20:27 - 2016-01-16 07:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 20:27 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 20:27 - 2016-01-16 07:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-28 20:27 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 20:27 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 20:27 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 20:27 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 20:27 - 2016-01-16 07:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-28 20:27 - 2016-01-16 07:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-28 20:27 - 2016-01-16 07:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-28 20:27 - 2016-01-16 07:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-28 20:27 - 2016-01-16 07:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 20:27 - 2016-01-16 07:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 20:27 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 20:27 - 2016-01-16 07:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 20:27 - 2016-01-16 06:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 20:27 - 2016-01-16 06:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-28 20:27 - 2016-01-16 06:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-28 20:27 - 2016-01-16 06:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 20:27 - 2016-01-16 06:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 20:27 - 2016-01-16 06:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 20:27 - 2016-01-16 06:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 20:27 - 2016-01-16 06:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 20:27 - 2016-01-16 06:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 20:27 - 2016-01-16 06:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 20:27 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 20:27 - 2016-01-16 06:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 20:27 - 2016-01-16 06:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 20:27 - 2016-01-16 06:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-28 20:27 - 2016-01-16 06:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 20:27 - 2016-01-16 06:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 20:27 - 2016-01-16 06:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 20:27 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 20:27 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 20:27 - 2016-01-16 06:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-28 20:27 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 20:27 - 2016-01-16 06:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 20:27 - 2016-01-16 06:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 20:27 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 20:27 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 20:27 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 20:27 - 2016-01-16 06:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-28 20:27 - 2016-01-16 06:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 20:27 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 20:27 - 2016-01-16 06:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 20:27 - 2016-01-16 06:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 20:27 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 20:27 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 20:27 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 20:27 - 2016-01-16 06:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 20:27 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 20:27 - 2016-01-05 03:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-28 20:27 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-28 20:27 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-28 20:27 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-28 20:27 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-28 20:27 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-28 20:27 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-28 20:27 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-28 20:27 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-28 20:27 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-28 20:27 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-28 20:27 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-28 20:27 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-28 20:27 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-28 20:27 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-28 20:27 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-28 20:27 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-28 20:27 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-28 20:27 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-28 20:27 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-28 20:27 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-28 20:27 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-28 20:27 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-28 20:27 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-28 20:27 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-28 20:27 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-28 20:27 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-28 20:27 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-28 20:27 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-28 20:27 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-28 20:27 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-28 20:27 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-28 20:27 - 2016-01-05 02:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-28 20:27 - 2016-01-05 02:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-28 20:27 - 2016-01-05 02:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-28 20:27 - 2016-01-05 02:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-28 20:27 - 2016-01-05 02:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-28 20:26 - 2016-01-16 07:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 20:26 - 2016-01-16 07:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 20:26 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 20:26 - 2016-01-16 06:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 20:26 - 2016-01-16 06:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 20:26 - 2016-01-16 06:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 20:26 - 2016-01-16 06:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 20:26 - 2016-01-16 06:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 20:26 - 2016-01-16 06:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 20:26 - 2016-01-16 06:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 20:26 - 2016-01-16 06:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 20:26 - 2016-01-16 06:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 20:26 - 2016-01-16 06:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 20:26 - 2016-01-16 06:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 20:26 - 2016-01-16 06:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 20:26 - 2016-01-16 06:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 20:26 - 2016-01-16 06:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 20:26 - 2016-01-16 06:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 20:26 - 2016-01-16 06:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 20:26 - 2016-01-16 06:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 20:26 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 20:26 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 20:26 - 2016-01-16 06:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 20:26 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 20:26 - 2016-01-16 06:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 20:26 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 20:26 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 20:26 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 20:26 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 20:26 - 2016-01-16 06:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 20:26 - 2016-01-16 06:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 20:26 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 20:26 - 2016-01-16 06:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 20:26 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 20:26 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 20:26 - 2016-01-16 06:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-28 20:26 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 20:26 - 2016-01-16 06:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-28 20:26 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-28 20:26 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-28 20:26 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-28 20:26 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-28 20:26 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-28 20:26 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-28 20:26 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-28 20:26 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-28 20:26 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-28 20:26 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-28 20:26 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-28 20:26 - 2016-01-05 02:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-28 20:26 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-28 20:26 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-28 20:26 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-28 20:26 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-28 20:26 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-28 20:26 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-27 20:43 - 2016-01-31 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-23 16:25 - 2016-01-23 16:25 - 00003860 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-23 16:24 - 2016-02-08 17:17 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-19 06:18 - 2016-01-19 06:18 - 00023098 _____ C:\Users\Sven\Downloads\LbsGeschichte.odt
2016-01-18 16:01 - 2016-01-18 16:01 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-01-18 16:01 - 2016-01-18 16:00 - 09890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2016-01-18 16:01 - 2016-01-18 16:00 - 00402136 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2016-01-18 16:01 - 2016-01-18 16:00 - 00083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-08 18:20 - 2015-12-16 13:05 - 02003182 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-08 18:20 - 2015-10-30 19:35 - 00852510 _____ C:\WINDOWS\system32\perfh007.dat
2016-02-08 18:20 - 2015-10-30 19:35 - 00187736 _____ C:\WINDOWS\system32\perfc007.dat
2016-02-08 18:20 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-08 18:18 - 2014-03-01 12:51 - 00000000 __RDO C:\Users\Sven\SkyDrive
2016-02-08 17:44 - 2015-12-16 13:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-08 17:43 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-08 17:43 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-08 15:23 - 2014-03-14 08:53 - 00003608 _____ C:\WINDOWS\System32\Tasks\FileAdvisorCheck
2016-02-08 15:23 - 2014-03-14 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2016-02-08 15:23 - 2014-03-14 08:53 - 00000000 ____D C:\Program Files (x86)\File Type Advisor
2016-02-08 14:08 - 2014-03-01 13:00 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7B440A6-BB0D-44B9-BB3E-0513485A3D83}
2016-02-07 21:28 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-07 19:00 - 2014-03-22 08:53 - 00000000 ____D C:\Users\Sven\AppData\Roaming\FileAdvisor
2016-02-06 18:44 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-05 13:36 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-05 12:38 - 2015-12-27 18:42 - 00003230 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSven
2016-02-05 12:38 - 2015-12-27 18:42 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSven.job
2016-02-05 11:34 - 2014-06-10 19:14 - 00000000 ____D C:\Users\Sven\Documents\Feuerwehrverein
2016-02-05 11:26 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-02 20:10 - 2014-10-12 15:12 - 00000000 ____D C:\Users\Sven\AppData\Roaming\vlc
2016-02-02 15:49 - 2015-12-16 13:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 15:48 - 2015-05-13 06:56 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-02-02 15:48 - 2015-05-13 06:56 - 00001970 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-02-02 15:48 - 2015-05-13 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-02-02 15:48 - 2015-05-13 06:56 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-01-31 15:06 - 2014-03-01 14:57 - 00000000 ____D C:\Users\Sven\AppData\Roaming\XnView
2016-01-31 13:18 - 2014-03-01 12:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-31 13:17 - 2014-03-01 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-30 18:04 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-29 15:44 - 2014-03-03 14:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-28 20:31 - 2014-03-03 14:47 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-23 16:25 - 2014-03-01 18:31 - 00000000 ____D C:\Users\Sven\AppData\Local\Adobe
2016-01-18 16:01 - 2014-02-05 07:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-01-18 16:00 - 2013-09-03 05:57 - 00000000 ____D C:\SWSETUP
2016-01-15 13:44 - 2016-01-01 13:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-15 13:44 - 2014-12-26 16:21 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-04 12:55 - 2014-10-11 14:58 - 0005120 _____ () C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-03 12:33 - 2014-05-03 12:33 - 0009046 _____ () C:\Users\Sven\AppData\Local\recently-used.xbel
2014-03-14 09:02 - 2014-03-14 09:02 - 0001534 _____ () C:\ProgramData\ss.ini

Einige Dateien in TEMP:
====================
C:\Users\Sven\AppData\Local\Temp\avgnt.exe
C:\Users\Sven\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-01-30 18:01

==================== Ende von FRST.txt ============================
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-02-2016
durchgeführt von Sven (2016-02-08 18:24:12)
Gestartet von C:\Users\Sven\Downloads
Windows 10 Home (X64) (2015-12-16 12:56:03)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3896469874-4053130608-2395046965-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3896469874-4053130608-2395046965-503 - Limited - Disabled)
Gast (S-1-5-21-3896469874-4053130608-2395046965-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3896469874-4053130608-2395046965-1003 - Limited - Enabled)
Sven (S-1-5-21-3896469874-4053130608-2395046965-1001 - Administrator - Enabled) => C:\Users\Sven

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{DCDB976F-A83A-BFFB-59A1-B742F8300486}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Crystal Reports XI Runtime Library (HKLM-x32\...\{C87EF9DB-603B-4EC2-8539-7575770AD5A8}) (Version: 3.1.2 - MP-SOFT-4-U)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.80 - DivX, LLC)
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
EsR 1.0 (HKLM-x32\...\EsR) (Version: 1.0 - bhv Software GmbH & Co. KG)
File Type Advisor 1.2 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{1CBCA994-0290-49AD-98D3-9013A0F102E6}) (Version: 2.9.406 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.16.103.12020 (HKLM-x32\...\{C38180CE-9165-E800-FAD3-F1AC427836B9}) (Version: 2.16.103.12020 - Sony)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 de)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
MP-FEUER 2014 - Jugend (HKLM-x32\...\{D5ECEF53-157F-4B55-A774-162B399E3536}) (Version: 3.6.1 - MP-SOFT-4-U)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steuersparer 2014 (HKLM-x32\...\{485DBEA2-58E9-4136-9E6C-6C3022B02349}) (Version: 21.00.8480 - Buhl Data Service GmbH)
tax 2015 (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.02.8861 - Buhl Data Service GmbH)
tax 2016 (HKLM-x32\...\{30E85B0C-57D8-4ECE-814B-264550A92FAB}) (Version: 23.00.1146 - Buhl Data Service GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sven\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {019CBC89-1D8E-46D3-931C-A2C5FAFD864C} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-08-14] (filetypeadvisor.com                                         )
Task: {09457ED8-88E5-4448-8D3A-7FE99E5939DD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {0E585D37-9C39-46EA-A58E-E67BC39945C4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {152CDF23-8A87-48F4-94DF-562C47309197} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-09] (Avira Operations GmbH & Co. KG)
Task: {1A852541-1C78-4FF9-8562-EEA33D432BB7} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-08-14] (File Type Advisor)
Task: {27710FE8-04B5-47DD-B72A-DD4E56F1BDB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {27E0E55C-10EB-45F2-8FED-B0C7505A34C3} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {3F19281D-6B48-4C11-99AD-EE0AF77A5C6B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {413A63F3-CA1E-4B85-B830-CED4EEC12ED5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {48F16A4A-FAF6-460B-BF25-D422CCE1BC60} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4E43793B-3DF9-43D8-8EA5-9BBF8685E350} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {50155064-DECD-4647-9639-5DF0D5AB2C0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {5349EBD4-97C6-4807-BCAB-C402926FCCC7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {5476C563-D9BC-4EDC-BA41-A8BE19954FD8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {5D51C8A0-5EC0-41BD-A906-3162722FA1C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {6211D070-99E0-4DED-A13F-52493BD719CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {6388BAFC-0150-4432-BDF7-8B261E97E9C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {6CBC2F47-C9B0-4040-A82E-CBEE47851BEA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {6E893CB8-7034-4B13-A5DF-0A3FF7EB5D9C} - System32\Tasks\HPCeeScheduleForSven => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {777F3E62-A613-4228-8C9B-C3E9C638E371} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {7E4E7FF3-E523-4AB8-91A1-6E863A7E8178} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7EC75E1F-EEFA-40A1-B4D2-038724FE2F67} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {7EED3EF5-0E3B-4F27-801D-655D45628A3A} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {95276190-3CCB-4196-B6C2-E759FD73C2D1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-28] (Microsoft Corporation)
Task: {9BC28C3C-3161-4095-A131-C9ACF14681EB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {ACF97461-4287-42AC-8A1C-DA4EC345EFB9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {BF0D8677-DDF7-48F9-B3E6-48691E3E7553} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
Task: {DBED7EAD-2721-4E36-A73F-4A511FD36546} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {ED20387E-4EEC-4A2B-B131-A70898FCC4BC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-23] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSven.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-09-05 12:22 - 2013-09-05 12:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-05 12:24 - 2013-09-05 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-05 12:24 - 2013-09-05 12:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-05 12:21 - 2013-09-05 12:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-05 12:21 - 2013-09-05 12:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-05 12:21 - 2013-09-05 12:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-05 12:36 - 2013-09-05 12:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-05 12:36 - 2013-09-05 12:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-16 12:53 - 2015-12-16 12:53 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-16 12:53 - 2015-12-16 12:53 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-22 12:17 - 2016-01-22 12:17 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-28 20:27 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 12:57 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 12:57 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-28 20:27 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-28 20:27 - 2016-01-05 02:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-28 20:27 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 20:27 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-09-05 12:31 - 2013-09-05 12:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-08-09 18:11 - 2013-08-09 18:11 - 00607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2016-02-07 20:07 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-07 20:07 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-07 20:07 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-07 20:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-07 20:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-22 12:17 - 2016-01-22 12:17 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 12:17 - 2016-01-22 12:17 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-02-05 07:02 - 2013-08-05 08:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-06 00:48 - 2013-08-06 00:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sven\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\rs3267_2014zrteam297bluepresse.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\StartupApproved\Run: => "Sony PC Companion"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{02AD2C58-092B-4DFD-B1B0-E4FCEB82C374}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E83930C-6F68-40A1-8997-92DBA568B38F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{F4BFFE7C-0A7C-46A0-9294-E8C474452702}C:\program files (x86)\xider\esr\game.exe] => (Allow) C:\program files (x86)\xider\esr\game.exe
FirewallRules: [TCP Query User{98A1FDCD-CF24-4720-9F79-076FD617A201}C:\program files (x86)\xider\esr\game.exe] => (Allow) C:\program files (x86)\xider\esr\game.exe
FirewallRules: [{CF98AF81-AF0F-416D-934A-BF7450165545}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C4817AD-98BE-4D11-8999-FD0000761E4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2BCFC008-9902-467C-8420-2165A6FBBA22}] => (Allow) LPort=1900
FirewallRules: [{1DB9A553-C6A2-4FEE-B78A-90278036CF44}] => (Allow) LPort=2869
FirewallRules: [{482499AD-7FE3-4135-8514-013A8160D7A9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{453E056A-4726-43DF-ABC4-6A4AA631C8B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD8835D1-973E-49FC-B6DD-4B342599466A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB1185B0-31B7-4B56-BF59-6BE1F5DB9E2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{81EF1E91-0F55-4CEE-B7BA-230979FEDB47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{569C8DDD-2DB0-415E-A842-5563AA6281EF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{CA14A7EB-BA25-469B-8251-5208C87AC061}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{49FA6AA0-7C84-4359-A4C9-59E94B61E5C9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{30599DBD-7D5D-457E-A3D5-3035932D89F1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{63DB04AA-0E95-4681-BC31-3F830D09D4ED}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{88CD4720-0781-438F-81B3-5C00CB4AF90E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{B7654C57-EB09-4B44-85F7-DCC0671D99FD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{CDFB26C4-9CDB-48EA-86D5-DDD8DC01427A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6CA10F33-0A06-44BD-B896-D59EF4CF9837}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{F9150134-08C6-4B61-8B02-40718027197E}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8F5A0E16-51D6-48E6-AD6A-F939AC46F01C}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

07-02-2016 19:01:25 Removed Java 8 Update 45

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: AMD Radeon HD 7660D
Description: AMD Radeon HD 7660D
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: AMD Radeon HD 7660D + R7 240 Dual Graphics
Description: AMD Radeon HD 7660D + R7 240 Dual Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/08/2016 06:18:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0e3f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.0, Zeitstempel: 0x5632d1de
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f08
ID des fehlerhaften Prozesses: 0x20c8
Startzeit der fehlerhaften Anwendung: 0xMOM.exe0
Pfad der fehlerhaften Anwendung: MOM.exe1
Pfad des fehlerhaften Moduls: MOM.exe2
Berichtskennung: MOM.exe3
Vollständiger Name des fehlerhaften Pakets: MOM.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MOM.exe5

Error: (02/08/2016 06:18:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOM.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
   bei ATI.ACE.MOM.Implementation.MOM.Main(System.String[])

Ausnahmeinformationen: System.Reflection.TargetInvocationException
   bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
   bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[])
   bei System.Type.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[])
   bei ATI.ACE.MOM.EXE.MOM.Main(System.String[])

Error: (02/08/2016 05:47:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x563a76a9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x563a76a9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000425c6
ID des fehlerhaften Prozesses: 0x708
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Vollständiger Name des fehlerhaften Pakets: atieclxx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: atieclxx.exe5

Error: (02/08/2016 05:45:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0e3f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.0, Zeitstempel: 0x5632d1de
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f08
ID des fehlerhaften Prozesses: 0x18b4
Startzeit der fehlerhaften Anwendung: 0xMOM.exe0
Pfad der fehlerhaften Anwendung: MOM.exe1
Pfad des fehlerhaften Moduls: MOM.exe2
Berichtskennung: MOM.exe3
Vollständiger Name des fehlerhaften Pakets: MOM.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MOM.exe5

Error: (02/08/2016 05:45:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOM.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
   bei ATI.ACE.MOM.Implementation.MOM.Main(System.String[])

Ausnahmeinformationen: System.Reflection.TargetInvocationException
   bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
   bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[])
   bei System.Type.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[])
   bei ATI.ACE.MOM.EXE.MOM.Main(System.String[])

Error: (02/08/2016 05:42:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x563a76a9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x563a76a9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000425c6
ID des fehlerhaften Prozesses: 0x1df8
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Vollständiger Name des fehlerhaften Pakets: atieclxx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: atieclxx.exe5

Error: (02/08/2016 02:19:43 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: CTLCN BrtCTLCN: [2016/02/08 14:19:43.449]: [00008384]: brccFCtl.dll: ### ERROR ### Brother OCR not installed

Error: (02/08/2016 02:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0e3f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.0, Zeitstempel: 0x5632d1de
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f08
ID des fehlerhaften Prozesses: 0x23e8
Startzeit der fehlerhaften Anwendung: 0xMOM.exe0
Pfad der fehlerhaften Anwendung: MOM.exe1
Pfad des fehlerhaften Moduls: MOM.exe2
Berichtskennung: MOM.exe3
Vollständiger Name des fehlerhaften Pakets: MOM.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MOM.exe5

Error: (02/08/2016 02:06:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOM.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
   bei ATI.ACE.MOM.Implementation.MOM.Main(System.String[])

Ausnahmeinformationen: System.Reflection.TargetInvocationException
   bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
   bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[])
   bei System.Type.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[])
   bei ATI.ACE.MOM.EXE.MOM.Main(System.String[])

Error: (02/07/2016 09:58:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x563a76a9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x563a76a9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000425c6
ID des fehlerhaften Prozesses: 0x62c
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Vollständiger Name des fehlerhaften Pakets: atieclxx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: atieclxx.exe5


Systemfehler:
=============
Error: (02/08/2016 05:47:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/08/2016 05:47:51 PM) (Source: DCOM) (EventID: 10010) (User: PCSASV)
Description: {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}

Error: (02/08/2016 05:47:50 PM) (Source: DCOM) (EventID: 10010) (User: PCSASV)
Description: {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}

Error: (02/08/2016 05:47:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_4d49c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2016 05:47:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _4d49c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2016 05:47:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_4d49c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2016 05:47:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_4d49c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2016 05:47:46 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/08/2016 05:46:28 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT-AUTORITÄTNetzwerkdienstS-1-5-20LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/08/2016 05:46:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT-AUTORITÄTNetzwerkdienstS-1-5-20LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


CodeIntegrity:
===================================
  Date: 2016-01-31 13:21:46.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-07 11:36:50.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-03 16:05:34.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-31 16:30:27.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-23 17:19:04.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-18 13:17:27.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-17 12:55:14.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-16 13:29:31.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-16 12:59:28.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: AMD A10-5700 APU with Radeon(tm) HD Graphics 
Prozentuale Nutzung des RAM: 20%
Installierter physikalischer RAM: 11461.12 MB
Verfügbarer physikalischer RAM: 9136.15 MB
Summe virtueller Speicher: 13189.12 MB
Verfügbarer virtueller Speicher: 10890.86 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:919.25 GB) (Free:834.99 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:10.34 GB) (Free:1.26 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive h: (SVEN) (Removable) (Total:28.88 GB) (Free:27.05 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7256B80C)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=28.9 GB) - (Type=0C)

==================== Ende von Addition.txt ============================
         
__________________

Alt 08.02.2016, 18:50   #4
SvenFeuer
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Farbar recovery:
Code:
ATTFilter
18:33:56.0148 0x238c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
18:33:56.0148 0x238c  UEFI system
18:34:46.0312 0x238c  ============================================================
18:34:46.0312 0x238c  Current date / time: 2016/02/08 18:34:46.0312
18:34:46.0312 0x238c  SystemInfo:
18:34:46.0327 0x238c  
18:34:46.0327 0x238c  OS Version: 10.0.10586 ServicePack: 0.0
18:34:46.0327 0x238c  Product type: Workstation
18:34:46.0327 0x238c  ComputerName: PCSASV
18:34:46.0327 0x238c  UserName: Sven
18:34:46.0327 0x238c  Windows directory: C:\WINDOWS
18:34:46.0327 0x238c  System windows directory: C:\WINDOWS
18:34:46.0327 0x238c  Running under WOW64
18:34:46.0327 0x238c  Processor architecture: Intel x64
18:34:46.0327 0x238c  Number of processors: 4
18:34:46.0327 0x238c  Page size: 0x1000
18:34:46.0327 0x238c  Boot type: Normal boot
18:34:46.0327 0x238c  ============================================================
18:34:46.0649 0x238c  KLMD registered as C:\WINDOWS\system32\drivers\33141729.sys
18:34:47.0171 0x238c  System UUID: {2F4AC754-3E9D-9272-F6B8-F605FBD77ED5}
18:34:48.0189 0x238c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:34:48.0197 0x238c  Drive \Device\Harddisk1\DR1 - Size: 0x739800000 ( 28.90 Gb ), SectorSize: 0x200, Cylinders: 0xEBC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:34:48.0276 0x238c  Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:34:48.0289 0x238c  ============================================================
18:34:48.0289 0x238c  \Device\Harddisk0\DR0:
18:34:48.0290 0x238c  GPT partitions:
18:34:48.0314 0x238c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {63818925-0AED-4F90-920C-080EE5E01927}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
18:34:48.0314 0x238c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {FEB207DC-04F2-4F36-8490-94FCA7835058}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
18:34:48.0314 0x238c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {7D42F40A-3578-4A55-AA0B-6144CA6CB6DE}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
18:34:48.0314 0x238c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A3815483-DE5F-4C04-AED9-7F52279BD732}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0x72E82800
18:34:48.0314 0x238c  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6D161EE8-FBD7-476C-B4E9-45CF7B4E0CD2}, Name: , StartLBA 0x73176800, BlocksNum 0xE1000
18:34:48.0314 0x238c  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F1C65DDB-B95F-4E5A-B880-996A6B3224EF}, Name: Basic data partition, StartLBA 0x73257800, BlocksNum 0x14AC800
18:34:48.0314 0x238c  MBR partitions:
18:34:48.0314 0x238c  \Device\Harddisk1\DR1:
18:34:48.0315 0x238c  MBR partitions:
18:34:48.0315 0x238c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x39CA080
18:34:48.0315 0x238c  \Device\Harddisk3\DR3:
18:34:48.0316 0x238c  MBR partitions:
18:34:48.0316 0x238c  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x747051C1
18:34:48.0316 0x238c  ============================================================
18:34:48.0332 0x238c  C: <-> \Device\Harddisk0\DR0\Partition4
18:34:48.0368 0x238c  D: <-> \Device\Harddisk0\DR0\Partition6
18:34:48.0703 0x238c  G: <-> \Device\Harddisk3\DR3\Partition1
18:34:48.0703 0x238c  ============================================================
18:34:48.0703 0x238c  Initialize success
18:34:48.0703 0x238c  ============================================================
18:35:44.0144 0x1e84  ============================================================
18:35:44.0144 0x1e84  Scan started
18:35:44.0144 0x1e84  Mode: Manual; SigCheck; TDLFS; 
18:35:44.0144 0x1e84  ============================================================
18:35:44.0144 0x1e84  KSN ping started
18:35:46.0576 0x1e84  KSN ping finished: true
18:35:49.0070 0x1e84  ================ Scan system memory ========================
18:35:49.0070 0x1e84  System memory - ok
18:35:49.0071 0x1e84  ================ Scan services =============================
18:35:49.0202 0x1e84  1394ohci - ok
18:35:49.0210 0x1e84  3ware - ok
18:35:49.0219 0x1e84  ACPI - ok
18:35:49.0225 0x1e84  acpiex - ok
18:35:49.0232 0x1e84  acpipagr - ok
18:35:49.0245 0x1e84  AcpiPmi - ok
18:35:49.0250 0x1e84  acpitime - ok
18:35:49.0341 0x1e84  [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:35:49.0402 0x1e84  AdobeARMservice - ok
18:35:49.0504 0x1e84  [ 295A5BFCE8D225D014DB4E6E69336279, F786F06F0EE3253FA936FA5D73FD9AC704FAB19BE76C60C65AEAD399DC93F9C5 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:35:49.0526 0x1e84  AdobeFlashPlayerUpdateSvc - ok
18:35:49.0534 0x1e84  ADP80XX - ok
18:35:49.0554 0x1e84  AFD - ok
18:35:49.0558 0x1e84  agp440 - ok
18:35:49.0562 0x1e84  ahcache - ok
18:35:49.0568 0x1e84  AJRouter - ok
18:35:49.0581 0x1e84  ALG - ok
18:35:49.0611 0x1e84  [ BBADD85854BFB5D43C60B7AC8EEA3DBA, 968C043ABEA46F5C79525863B3FE2681AC0FA4202036C9EFD20B408DECF407E2 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
18:35:49.0631 0x1e84  AMD External Events Utility - ok
18:35:49.0752 0x1e84  [ DE51F5BB5C05D4C831ECB6E1A70E1B5E, 465834210ACE469481F75EDBB8532386029BD5277C41D084134E9E71B9BD8371 ] AMD FUEL Service C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
18:35:49.0782 0x1e84  AMD FUEL Service - ok
18:35:49.0788 0x1e84  AmdK8 - ok
18:35:49.0798 0x1e84  [ F2FF8C1B41B3784EDBD5C6D5397F403C, 104873700D2BDF4812DC48200B4609F46A63E7A50594A0599100EF1438863708 ] amdkmafd        C:\WINDOWS\system32\drivers\amdkmafd.sys
18:35:49.0807 0x1e84  amdkmafd - ok
18:35:49.0812 0x1e84  amdkmdag - ok
18:35:49.0843 0x1e84  [ 17BA5C907E14947574CBB788F4CEB85F, EAA3DBF436637C58666A91905E388287FC54334EBB2589A00727EB09AC4870E3 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
18:35:49.0871 0x1e84  amdkmdap - ok
18:35:49.0877 0x1e84  AmdPPM - ok
18:35:49.0881 0x1e84  amdsata - ok
18:35:49.0886 0x1e84  amdsbs - ok
18:35:49.0891 0x1e84  amdxata - ok
18:35:49.0913 0x1e84  [ E5F36F2FF6E8BC2E9E51655489EA753D, 83A7BA29D411C039511A9306C0136099572EE8E306E1C87207F3E721568C0136 ] AmUStor         C:\WINDOWS\system32\drivers\AmUStor.SYS
18:35:49.0923 0x1e84  AmUStor - ok
18:35:49.0983 0x1e84  [ 81E02299B534F61E104C1235519C37B3, B389458C13A0E0717365B7CE371A6B768EB2F98C4CDBAA6DCBBBDE3A2B1D8B14 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
18:35:50.0012 0x1e84  AntiVirMailService - ok
18:35:50.0036 0x1e84  [ 3CBE5047BB08BD363420D68364F9E829, 7A6C59E9B98C1A50CB5FB895050127C5A433BA825D3832FC6DDA2A41AE986543 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:35:50.0056 0x1e84  AntiVirSchedulerService - ok
18:35:50.0077 0x1e84  [ 3CBE5047BB08BD363420D68364F9E829, 7A6C59E9B98C1A50CB5FB895050127C5A433BA825D3832FC6DDA2A41AE986543 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:35:50.0094 0x1e84  AntiVirService - ok
18:35:50.0137 0x1e84  [ CAA9D66CA6D21AF0AE7DA01D5AC6CC2F, 827400CFB53026757B3D75B6C5AC7BBECE7E62B335160C18CBF6A41047F4A400 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
18:35:50.0176 0x1e84  AntiVirWebService - ok
18:35:50.0191 0x1e84  [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:35:50.0198 0x1e84  AODDriver4.3 - ok
18:35:50.0238 0x1e84  AppHostSvc - ok
18:35:50.0243 0x1e84  AppID - ok
18:35:50.0254 0x1e84  AppIDSvc - ok
18:35:50.0263 0x1e84  Appinfo - ok
18:35:50.0273 0x1e84  AppReadiness - ok
18:35:50.0278 0x1e84  AppXSvc - ok
18:35:50.0283 0x1e84  arcsas - ok
18:35:50.0349 0x1e84  aspnet_state - ok
18:35:50.0358 0x1e84  AsyncMac - ok
18:35:50.0366 0x1e84  atapi - ok
18:35:50.0387 0x1e84  [ 0966FD5BAB1F9BE200875E9EED0A0A13, F4BE70C0581B51ED6DAE6412A5FF74AE310BF88DE89C5A5E5880BEED543B01D7 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdWT6.sys
18:35:50.0414 0x1e84  AtiHDAudioService - ok
18:35:50.0428 0x1e84  AudioEndpointBuilder - ok
18:35:50.0432 0x1e84  Audiosrv - ok
18:35:50.0458 0x1e84  [ CF233C89DEFF6BCA1F65BE3DA0C1A306, B718A59CFC0E3A9ED4E8C690390F54C96828C5A4C2790C2E98075DB4484240D6 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:35:50.0469 0x1e84  avgntflt - ok
18:35:50.0490 0x1e84  [ 4764D299855174D6B5C7DA853B490029, 6E2C8E25DC3C38EEAAA1221E515AC06C2EDC0A71CF2F7762E8DFCC55938D59B3 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:35:50.0500 0x1e84  avipbb - ok
18:35:50.0516 0x1e84  [ 79F7741A773FF194EEC64A8161AE26D5, 3DDEA5FBDCB74A2BACC895A44C8C2A947F09E2649ED61D781E99DD61DBFACA5D ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:35:50.0524 0x1e84  avkmgr - ok
18:35:50.0546 0x1e84  [ E477AF94ACCCF99A0E56D71D450DCCCB, C97756A4E82EC7EF8268967B10DEBAAEDB746B2846CA2BFD68E1B7DBBAE7901A ] avnetflt        C:\WINDOWS\system32\DRIVERS\avnetflt.sys
18:35:50.0555 0x1e84  avnetflt - ok
18:35:50.0560 0x1e84  AxInstSV - ok
18:35:50.0564 0x1e84  b06bdrv - ok
18:35:50.0568 0x1e84  BasicDisplay - ok
18:35:50.0573 0x1e84  BasicRender - ok
18:35:50.0580 0x1e84  bcmfn - ok
18:35:50.0584 0x1e84  bcmfn2 - ok
18:35:50.0588 0x1e84  BDESVC - ok
18:35:50.0593 0x1e84  Beep - ok
18:35:50.0617 0x1e84  BFE - ok
18:35:50.0624 0x1e84  BITS - ok
18:35:50.0670 0x1e84  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:35:50.0688 0x1e84  Bonjour Service - ok
18:35:50.0693 0x1e84  bowser - ok
18:35:50.0697 0x1e84  BrokerInfrastructure - ok
18:35:50.0702 0x1e84  Browser - ok
18:35:50.0707 0x1e84  BthAvrcpTg - ok
18:35:50.0711 0x1e84  BthHFEnum - ok
18:35:50.0717 0x1e84  bthhfhid - ok
18:35:50.0721 0x1e84  BthHFSrv - ok
18:35:50.0726 0x1e84  BTHMODEM - ok
18:35:50.0732 0x1e84  bthserv - ok
18:35:50.0737 0x1e84  buttonconverter - ok
18:35:50.0778 0x1e84  [ 112FDF0466ACFC33A240965F13963F06, A16D318F0CC83E5B92D6104B4E6F4A78829F8F5EC65E018908810C6C8B4156CE ] Cachedrv server C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
18:35:50.0787 0x1e84  Cachedrv server - detected UnsignedFile.Multi.Generic ( 1 )
18:35:53.0265 0x1e84  Detect skipped due to KSN trusted
18:35:53.0265 0x1e84  Cachedrv server - ok
18:35:53.0288 0x1e84  CapImg - ok
18:35:53.0296 0x1e84  cdfs - ok
18:35:53.0305 0x1e84  CDPSvc - ok
18:35:53.0313 0x1e84  cdrom - ok
18:35:53.0322 0x1e84  CertPropSvc - ok
18:35:53.0331 0x1e84  circlass - ok
18:35:53.0336 0x1e84  CLFS - ok
18:35:53.0341 0x1e84  ClipSVC - ok
18:35:53.0376 0x1e84  [ 3E76A1547F2448BCEE3D2F4AE3931AB5, 31B41723FAA4210A86B1AE02D6C052BD8B738C4B89FB0177C1AE997D24BA5B8C ] CLVirtualDrive  C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
18:35:53.0386 0x1e84  CLVirtualDrive - ok
18:35:53.0390 0x1e84  CmBatt - ok
18:35:53.0395 0x1e84  CNG - ok
18:35:53.0400 0x1e84  cnghwassist - ok
18:35:53.0443 0x1e84  CompositeBus - ok
18:35:53.0448 0x1e84  COMSysApp - ok
18:35:53.0453 0x1e84  condrv - ok
18:35:53.0458 0x1e84  CoreMessagingRegistrar - ok
18:35:53.0468 0x1e84  CryptSvc - ok
18:35:53.0525 0x1e84  [ 045754058F795DFE189688CEF5F76527, 47D69E2D86290CF448C252A8D8286E1D1A2BCE781B9AB0922A52D212F75D9821 ] CyberLink PowerDVD 12 Media Server Monitor Service c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
18:35:53.0533 0x1e84  CyberLink PowerDVD 12 Media Server Monitor Service - ok
18:35:53.0542 0x1e84  [ F1E67A27BF26C2C82C4E4390DF7E14CC, 0EA04D1E2C8B2DC3DAA222BFBB4A59F45F1D759AC2AEC96DFC53EFBEB2D8D263 ] CyberLink PowerDVD 12 Media Server Service c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
18:35:53.0557 0x1e84  CyberLink PowerDVD 12 Media Server Service - ok
18:35:53.0562 0x1e84  dam - ok
18:35:53.0569 0x1e84  DcomLaunch - ok
18:35:53.0575 0x1e84  DcpSvc - ok
18:35:53.0579 0x1e84  defragsvc - ok
18:35:53.0584 0x1e84  DeviceAssociationService - ok
18:35:53.0606 0x1e84  DeviceInstall - ok
18:35:53.0610 0x1e84  DevQueryBroker - ok
18:35:53.0615 0x1e84  Dfsc - ok
18:35:53.0654 0x1e84  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
18:35:53.0664 0x1e84  dg_ssudbus - ok
18:35:53.0669 0x1e84  Dhcp - ok
18:35:53.0708 0x1e84  diagnosticshub.standardcollector.service - ok
18:35:53.0712 0x1e84  DiagTrack - ok
18:35:53.0718 0x1e84  disk - ok
18:35:53.0730 0x1e84  DmEnrollmentSvc - ok
18:35:53.0735 0x1e84  dmvsc - ok
18:35:53.0740 0x1e84  dmwappushservice - ok
18:35:53.0745 0x1e84  Dnscache - ok
18:35:53.0753 0x1e84  dot3svc - ok
18:35:53.0758 0x1e84  DPS - ok
18:35:53.0798 0x1e84  drmkaud - ok
18:35:53.0802 0x1e84  DsmSvc - ok
18:35:53.0807 0x1e84  DsSvc - ok
18:35:53.0812 0x1e84  DXGKrnl - ok
18:35:53.0816 0x1e84  Eaphost - ok
18:35:53.0821 0x1e84  ebdrv - ok
18:35:53.0827 0x1e84  EFS - ok
18:35:53.0832 0x1e84  EhStorClass - ok
18:35:53.0837 0x1e84  EhStorTcgDrv - ok
18:35:53.0843 0x1e84  embeddedmode - ok
18:35:53.0848 0x1e84  EntAppSvc - ok
18:35:53.0853 0x1e84  ErrDev - ok
18:35:53.0880 0x1e84  EventSystem - ok
18:35:53.0885 0x1e84  exfat - ok
18:35:53.0889 0x1e84  fastfat - ok
18:35:53.0895 0x1e84  Fax - ok
18:35:53.0899 0x1e84  fdc - ok
18:35:53.0904 0x1e84  fdPHost - ok
18:35:53.0909 0x1e84  FDResPub - ok
18:35:53.0914 0x1e84  fhsvc - ok
18:35:53.0920 0x1e84  FileCrypt - ok
18:35:53.0926 0x1e84  FileInfo - ok
18:35:53.0930 0x1e84  Filetrace - ok
18:35:53.0935 0x1e84  flpydisk - ok
18:35:53.0941 0x1e84  FltMgr - ok
18:35:53.0946 0x1e84  FontCache - ok
18:35:54.0003 0x1e84  FontCache3.0.0.0 - ok
18:35:54.0007 0x1e84  FsDepends - ok
18:35:54.0012 0x1e84  Fs_Rec - ok
18:35:54.0017 0x1e84  fvevol - ok
18:35:54.0022 0x1e84  gagp30kx - ok
18:35:54.0095 0x1e84  [ 8C0A6229A1256930DEF4D79B2C0BA25C, 2C4EA836494F148E7C83FC81593305E986C8E2D801A35903CF603FC86D925DCE ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
18:35:54.0121 0x1e84  Garmin Device Interaction Service - ok
18:35:54.0127 0x1e84  gencounter - ok
18:35:54.0131 0x1e84  genericusbfn - ok
18:35:54.0135 0x1e84  GPIOClx0101 - ok
18:35:54.0139 0x1e84  gpsvc - ok
18:35:54.0144 0x1e84  GpuEnergyDrv - ok
18:35:54.0149 0x1e84  HDAudBus - ok
18:35:54.0153 0x1e84  HidBatt - ok
18:35:54.0157 0x1e84  HidBth - ok
18:35:54.0162 0x1e84  hidi2c - ok
18:35:54.0167 0x1e84  hidinterrupt - ok
18:35:54.0171 0x1e84  HidIr - ok
18:35:54.0175 0x1e84  hidserv - ok
18:35:54.0180 0x1e84  HidUsb - ok
18:35:54.0201 0x1e84  HomeGroupListener - ok
18:35:54.0215 0x1e84  HomeGroupProvider - ok
18:35:54.0291 0x1e84  [ 7B7DE6B3DC30F3246958F42C67A6F7BB, 4B66B90CFEC2231B905B21DECC4EC7C6500E546F080A452EF67E724EDF37ADD9 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
18:35:54.0326 0x1e84  hpqwmiex - ok
18:35:54.0333 0x1e84  HpSAMD - ok
18:35:54.0350 0x1e84  [ CB5A8B34FA37AE53053F2D3DF05AC1E6, 2C7357079A66AE609F49900181B013E735B4A01C45DA316CD1E8698F93DE6EA8 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
18:35:54.0363 0x1e84  HPSupportSolutionsFrameworkService - ok
18:35:54.0368 0x1e84  HTTP - ok
18:35:54.0373 0x1e84  hwpolicy - ok
18:35:54.0379 0x1e84  hyperkbd - ok
18:35:54.0384 0x1e84  i8042prt - ok
18:35:54.0391 0x1e84  iai2c - ok
18:35:54.0395 0x1e84  iaLPSS2i_I2C - ok
18:35:54.0399 0x1e84  iaLPSSi_GPIO - ok
18:35:54.0405 0x1e84  iaLPSSi_I2C - ok
18:35:54.0410 0x1e84  iaStorAV - ok
18:35:54.0416 0x1e84  iaStorV - ok
18:35:54.0420 0x1e84  ibbus - ok
18:35:54.0426 0x1e84  icssvc - ok
18:35:54.0431 0x1e84  IEEtwCollectorService - ok
18:35:54.0437 0x1e84  IKEEXT - ok
18:35:54.0447 0x1e84  intelide - ok
18:35:54.0453 0x1e84  intelpep - ok
18:35:54.0459 0x1e84  intelppm - ok
18:35:54.0464 0x1e84  IoQos - ok
18:35:54.0469 0x1e84  IpFilterDriver - ok
18:35:54.0490 0x1e84  iphlpsvc - ok
18:35:54.0495 0x1e84  IPMIDRV - ok
18:35:54.0500 0x1e84  IPNAT - ok
18:35:54.0506 0x1e84  IRENUM - ok
18:35:54.0511 0x1e84  isapnp - ok
18:35:54.0517 0x1e84  iScsiPrt - ok
18:35:54.0523 0x1e84  kbdclass - ok
18:35:54.0528 0x1e84  kbdhid - ok
18:35:54.0534 0x1e84  kdnic - ok
18:35:54.0538 0x1e84  KeyIso - ok
18:35:54.0542 0x1e84  KSecDD - ok
18:35:54.0547 0x1e84  KSecPkg - ok
18:35:54.0554 0x1e84  ksthunk - ok
18:35:54.0559 0x1e84  KtmRm - ok
18:35:54.0564 0x1e84  L1C - ok
18:35:54.0572 0x1e84  LanmanServer - ok
18:35:54.0576 0x1e84  LanmanWorkstation - ok
18:35:54.0584 0x1e84  lfsvc - ok
18:35:54.0589 0x1e84  LicenseManager - ok
18:35:54.0595 0x1e84  lltdio - ok
18:35:54.0600 0x1e84  lltdsvc - ok
18:35:54.0605 0x1e84  lmhosts - ok
18:35:54.0613 0x1e84  LSI_SAS - ok
18:35:54.0617 0x1e84  LSI_SAS2i - ok
18:35:54.0621 0x1e84  LSI_SAS3i - ok
18:35:54.0625 0x1e84  LSI_SSS - ok
18:35:54.0630 0x1e84  LSM - ok
18:35:54.0634 0x1e84  luafv - ok
18:35:54.0660 0x1e84  MapsBroker - ok
18:35:54.0677 0x1e84  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
18:35:54.0685 0x1e84  MBAMProtector - ok
18:35:54.0751 0x1e84  [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
18:35:54.0791 0x1e84  MBAMScheduler - ok
18:35:54.0831 0x1e84  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
18:35:54.0863 0x1e84  MBAMService - ok
18:35:54.0902 0x1e84  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
18:35:54.0913 0x1e84  MBAMSwissArmy - ok
18:35:54.0926 0x1e84  [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520DE214081696B05 ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
18:35:54.0935 0x1e84  MBAMWebAccessControl - ok
18:35:54.0939 0x1e84  megasas - ok
18:35:54.0944 0x1e84  megasr - ok
18:35:54.0948 0x1e84  MessagingService - ok
18:35:54.0975 0x1e84  mlx4_bus - ok
18:35:54.0980 0x1e84  MMCSS - ok
18:35:54.0985 0x1e84  Modem - ok
18:35:54.0989 0x1e84  monitor - ok
18:35:54.0993 0x1e84  mouclass - ok
18:35:54.0997 0x1e84  mouhid - ok
18:35:55.0002 0x1e84  mountmgr - ok
18:35:55.0025 0x1e84  [ 4DA42FB0A8294C9FBD52B0EF2EA9EE07, 4C327BC4DCE86CE5DFDD57F2CF09DD9EF52E3E1D0D74BB5825808975FFA7B0FD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:35:55.0037 0x1e84  MozillaMaintenance - ok
18:35:55.0042 0x1e84  mpsdrv - ok
18:35:55.0047 0x1e84  MpsSvc - ok
18:35:55.0051 0x1e84  MRxDAV - ok
18:35:55.0055 0x1e84  mrxsmb - ok
18:35:55.0060 0x1e84  mrxsmb10 - ok
18:35:55.0064 0x1e84  mrxsmb20 - ok
18:35:55.0069 0x1e84  MsBridge - ok
18:35:55.0092 0x1e84  MSDTC - ok
18:35:55.0100 0x1e84  Msfs - ok
18:35:55.0104 0x1e84  msgpiowin32 - ok
18:35:55.0109 0x1e84  mshidkmdf - ok
18:35:55.0114 0x1e84  mshidumdf - ok
18:35:55.0118 0x1e84  msisadrv - ok
18:35:55.0122 0x1e84  MSiSCSI - ok
18:35:55.0127 0x1e84  msiserver - ok
18:35:55.0131 0x1e84  MSKSSRV - ok
18:35:55.0136 0x1e84  MsLldp - ok
18:35:55.0141 0x1e84  MSPCLOCK - ok
18:35:55.0145 0x1e84  MSPQM - ok
18:35:55.0150 0x1e84  MsRPC - ok
18:35:55.0157 0x1e84  mssmbios - ok
18:35:55.0161 0x1e84  MSTEE - ok
18:35:55.0166 0x1e84  MTConfig - ok
18:35:55.0170 0x1e84  Mup - ok
18:35:55.0175 0x1e84  mvumis - ok
18:35:55.0181 0x1e84  NativeWifiP - ok
18:35:55.0185 0x1e84  NcaSvc - ok
18:35:55.0190 0x1e84  NcbService - ok
18:35:55.0194 0x1e84  NcdAutoSetup - ok
18:35:55.0198 0x1e84  ndfltr - ok
18:35:55.0203 0x1e84  NDIS - ok
18:35:55.0207 0x1e84  NdisCap - ok
18:35:55.0212 0x1e84  NdisImPlatform - ok
18:35:55.0216 0x1e84  NdisTapi - ok
18:35:55.0221 0x1e84  Ndisuio - ok
18:35:55.0225 0x1e84  NdisVirtualBus - ok
18:35:55.0229 0x1e84  NdisWan - ok
18:35:55.0234 0x1e84  ndiswanlegacy - ok
18:35:55.0239 0x1e84  ndproxy - ok
18:35:55.0243 0x1e84  Ndu - ok
18:35:55.0248 0x1e84  NetBIOS - ok
18:35:55.0255 0x1e84  NetBT - ok
18:35:55.0259 0x1e84  Netlogon - ok
18:35:55.0264 0x1e84  Netman - ok
18:35:55.0269 0x1e84  netprofm - ok
18:35:55.0276 0x1e84  NetSetupSvc - ok
18:35:55.0297 0x1e84  NetTcpPortSharing - ok
18:35:55.0304 0x1e84  NgcCtnrSvc - ok
18:35:55.0308 0x1e84  NgcSvc - ok
18:35:55.0312 0x1e84  NlaSvc - ok
18:35:55.0339 0x1e84  [ 907B5E1E4A592E5EDC5E4CCBDE4863C2, 7A3FA5B779CBBED46CA81328951B71352E4FC60153A91965877834EC7C6F0074 ] nmwcd           C:\WINDOWS\system32\drivers\ccdcmbx64.sys
18:35:55.0360 0x1e84  nmwcd - ok
18:35:55.0383 0x1e84  [ 41C1AC1F3613435EB32D67BCB80A5FA5, 93A313BC4A7FA2FC3372CFBF2D76F417007B4A82455092724D3B0B6FA5A88F23 ] nmwcdc          C:\WINDOWS\system32\drivers\ccdcmbox64.sys
18:35:55.0404 0x1e84  nmwcdc - ok
18:35:55.0408 0x1e84  Npfs - ok
18:35:55.0413 0x1e84  npsvctrig - ok
18:35:55.0418 0x1e84  nsi - ok
18:35:55.0422 0x1e84  nsiproxy - ok
18:35:55.0429 0x1e84  NTFS - ok
18:35:55.0433 0x1e84  Null - ok
18:35:55.0437 0x1e84  nvraid - ok
18:35:55.0442 0x1e84  nvstor - ok
18:35:55.0447 0x1e84  nv_agp - ok
18:35:55.0505 0x1e84  [ 34DAD38382A487D977573018D76193E7, 3367BA5374A98ED03D9D88299D84C81953233E55C84ABC0722AA251BD269BBD8 ] omniserv        C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
18:35:55.0523 0x1e84  omniserv - detected UnsignedFile.Multi.Generic ( 1 )
18:35:58.0016 0x1e84  Detect skipped due to KSN trusted
18:35:58.0016 0x1e84  omniserv - ok
18:35:58.0028 0x1e84  OneSyncSvc - ok
18:35:58.0085 0x1e84  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:35:58.0099 0x1e84  ose - ok
18:35:58.0244 0x1e84  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:35:58.0362 0x1e84  osppsvc - ok
18:35:58.0376 0x1e84  p2pimsvc - ok
18:35:58.0381 0x1e84  p2psvc - ok
18:35:58.0386 0x1e84  Parport - ok
18:35:58.0390 0x1e84  partmgr - ok
18:35:58.0396 0x1e84  PcaSvc - ok
18:35:58.0400 0x1e84  pci - ok
18:35:58.0407 0x1e84  pciide - ok
18:35:58.0412 0x1e84  pcmcia - ok
18:35:58.0417 0x1e84  pcw - ok
18:35:58.0423 0x1e84  pdc - ok
18:35:58.0428 0x1e84  PEAUTH - ok
18:35:58.0453 0x1e84  percsas2i - ok
18:35:58.0457 0x1e84  percsas3i - ok
18:35:58.0504 0x1e84  PerfHost - ok
18:35:58.0527 0x1e84  PhoneSvc - ok
18:35:58.0532 0x1e84  PimIndexMaintenanceSvc - ok
18:35:58.0540 0x1e84  pla - ok
18:35:58.0563 0x1e84  PlugPlay - ok
18:35:58.0567 0x1e84  PNRPAutoReg - ok
18:35:58.0571 0x1e84  PNRPsvc - ok
18:35:58.0575 0x1e84  PolicyAgent - ok
18:35:58.0582 0x1e84  Power - ok
18:35:58.0586 0x1e84  PptpMiniport - ok
18:35:58.0753 0x1e84  [ 959F94AD1255BC749884EDDD14EC29C4, 2CD6DA9778EA36FA0B4080F6DB1C634712238E014E47546403CD3CDB35A1DCA8 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
18:35:58.0880 0x1e84  PrintNotify - ok
18:35:58.0893 0x1e84  Processor - ok
18:35:58.0898 0x1e84  ProfSvc - ok
18:35:58.0902 0x1e84  Psched - ok
18:35:58.0924 0x1e84  QWAVE - ok
18:35:58.0928 0x1e84  QWAVEdrv - ok
18:35:58.0947 0x1e84  RasAcd - ok
18:35:58.0951 0x1e84  RasAgileVpn - ok
18:35:58.0959 0x1e84  RasAuto - ok
18:35:58.0963 0x1e84  Rasl2tp - ok
18:35:58.0967 0x1e84  RasMan - ok
18:35:58.0971 0x1e84  RasPppoe - ok
18:35:58.0976 0x1e84  RasSstp - ok
18:35:58.0980 0x1e84  rdbss - ok
18:35:58.0986 0x1e84  rdpbus - ok
18:35:58.0991 0x1e84  RDPDR - ok
18:35:58.0999 0x1e84  RdpVideoMiniport - ok
18:35:59.0003 0x1e84  rdyboost - ok
18:35:59.0016 0x1e84  ReFSv1 - ok
18:35:59.0021 0x1e84  RemoteAccess - ok
18:35:59.0026 0x1e84  RemoteRegistry - ok
18:35:59.0030 0x1e84  RetailDemo - ok
18:35:59.0035 0x1e84  RpcEptMapper - ok
18:35:59.0058 0x1e84  RpcLocator - ok
18:35:59.0062 0x1e84  RpcSs - ok
18:35:59.0066 0x1e84  rspndr - ok
18:35:59.0071 0x1e84  RSUSBSTOR - ok
18:35:59.0107 0x1e84  [ AB959F26FBB851A9D31E2F229DB3FA1A, 35961B761C83B48DBB9960C6DEC89806F3BC9FA0F450E566333ABE3F22E42AA9 ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
18:35:59.0123 0x1e84  RTSUER - ok
18:35:59.0128 0x1e84  s3cap - ok
18:35:59.0132 0x1e84  SamSs - ok
18:35:59.0136 0x1e84  sbp2port - ok
18:35:59.0140 0x1e84  SCardSvr - ok
18:35:59.0144 0x1e84  ScDeviceEnum - ok
18:35:59.0149 0x1e84  scfilter - ok
18:35:59.0153 0x1e84  Schedule - ok
18:35:59.0157 0x1e84  SCPolicySvc - ok
18:35:59.0162 0x1e84  sdbus - ok
18:35:59.0167 0x1e84  SDRSVC - ok
18:35:59.0229 0x1e84  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
18:35:59.0274 0x1e84  SDScannerService - ok
18:35:59.0296 0x1e84  sdstor - ok
18:35:59.0374 0x1e84  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
18:35:59.0427 0x1e84  SDUpdateService - ok
18:35:59.0440 0x1e84  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
18:35:59.0452 0x1e84  SDWSCService - ok
18:35:59.0457 0x1e84  seclogon - ok
18:35:59.0462 0x1e84  SENS - ok
18:35:59.0468 0x1e84  SensorDataService - ok
18:35:59.0491 0x1e84  SensorService - ok
18:35:59.0495 0x1e84  SensrSvc - ok
18:35:59.0500 0x1e84  SerCx - ok
18:35:59.0505 0x1e84  SerCx2 - ok
18:35:59.0509 0x1e84  Serenum - ok
18:35:59.0513 0x1e84  Serial - ok
18:35:59.0518 0x1e84  sermouse - ok
18:35:59.0528 0x1e84  SessionEnv - ok
18:35:59.0532 0x1e84  sfloppy - ok
18:35:59.0537 0x1e84  SharedAccess - ok
18:35:59.0542 0x1e84  ShellHWDetection - ok
18:35:59.0546 0x1e84  SiSRaid2 - ok
18:35:59.0551 0x1e84  SiSRaid4 - ok
18:35:59.0556 0x1e84  smphost - ok
18:35:59.0560 0x1e84  SmsRouter - ok
18:35:59.0569 0x1e84  SNMPTRAP - ok
18:35:59.0613 0x1e84  [ 3A4F2C0BB87A0895ABEBA341AA1E341B, 4DADEEF3C5D181502D6F4A00FBBF3B001FA626E49569FB330D7AE2955CC7DE08 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
18:35:59.0625 0x1e84  Sony PC Companion - detected UnsignedFile.Multi.Generic ( 1 )
18:35:59.0918 0x0264  Object required for P2P: [ 295A5BFCE8D225D014DB4E6E69336279 ] AdobeFlashPlayerUpdateSvc
18:36:02.0199 0x1e84  Detect skipped due to KSN trusted
18:36:02.0199 0x1e84  Sony PC Companion - ok
18:36:02.0208 0x1e84  spaceport - ok
18:36:02.0215 0x1e84  SpbCx - ok
18:36:02.0221 0x1e84  Spooler - ok
18:36:02.0226 0x1e84  sppsvc - ok
18:36:02.0232 0x1e84  srv - ok
18:36:02.0238 0x1e84  srv2 - ok
18:36:02.0243 0x1e84  srvnet - ok
18:36:02.0248 0x1e84  SSDPSRV - ok
18:36:02.0271 0x1e84  SstpSvc - ok
18:36:02.0303 0x1e84  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
18:36:02.0314 0x1e84  ssudmdm - ok
18:36:02.0374 0x1e84  [ 1BCCBF911C437AF26A752128D47AF511, 94115AC2925601D24ECF2E86757893D5844B13EEFD8E1095610385EBAAA8672E ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
18:36:02.0390 0x1e84  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
18:36:02.0408 0x0264  Object send P2P result: true
18:36:02.0409 0x0264  Object required for P2P: [ 81E02299B534F61E104C1235519C37B3 ] AntiVirMailService
18:36:04.0824 0x0264  Object send P2P result: true
18:36:04.0824 0x0264  Object required for P2P: [ 3CBE5047BB08BD363420D68364F9E829 ] AntiVirSchedulerService
18:36:04.0909 0x1e84  Detect skipped due to KSN trusted
18:36:04.0909 0x1e84  STacSV - ok
18:36:04.0938 0x1e84  StateRepository - ok
18:36:04.0945 0x1e84  stexstor - ok
18:36:04.0991 0x1e84  [ 71CB3BB20F08BB724769DAAAFD5AB26E, FC4B2BD03037EC07F4443BBE13A28859035F7229CA06D4E42AFB42ABF1A89F09 ] STHDA           C:\WINDOWS\system32\DRIVERS\stwrt64.sys
18:36:05.0028 0x1e84  STHDA - ok
18:36:05.0053 0x1e84  stisvc - ok
18:36:05.0056 0x1e84  storahci - ok
18:36:05.0061 0x1e84  storflt - ok
18:36:05.0065 0x1e84  stornvme - ok
18:36:05.0069 0x1e84  storqosflt - ok
18:36:05.0074 0x1e84  StorSvc - ok
18:36:05.0079 0x1e84  storufs - ok
18:36:05.0083 0x1e84  storvsc - ok
18:36:05.0087 0x1e84  svsvc - ok
18:36:05.0091 0x1e84  swenum - ok
18:36:05.0096 0x1e84  swprv - ok
18:36:05.0100 0x1e84  Synth3dVsc - ok
18:36:05.0105 0x1e84  SysMain - ok
18:36:05.0114 0x1e84  SystemEventsBroker - ok
18:36:05.0124 0x1e84  TabletInputService - ok
18:36:05.0128 0x1e84  TapiSrv - ok
18:36:05.0133 0x1e84  Tcpip - ok
18:36:05.0137 0x1e84  Tcpip6 - ok
18:36:05.0143 0x1e84  tcpipreg - ok
18:36:05.0150 0x1e84  tdx - ok
18:36:05.0154 0x1e84  terminpt - ok
18:36:05.0159 0x1e84  TermService - ok
18:36:05.0164 0x1e84  Themes - ok
18:36:05.0168 0x1e84  TieringEngineService - ok
18:36:05.0173 0x1e84  tiledatamodelsvc - ok
18:36:05.0177 0x1e84  TimeBroker - ok
18:36:05.0181 0x1e84  TPM - ok
18:36:05.0186 0x1e84  TrkWks - ok
18:36:05.0233 0x1e84  TrustedInstaller - ok
18:36:05.0239 0x1e84  tsusbflt - ok
18:36:05.0243 0x1e84  TsUsbGD - ok
18:36:05.0248 0x1e84  tunnel - ok
18:36:05.0255 0x1e84  tzautoupdate - ok
18:36:05.0259 0x1e84  uagp35 - ok
18:36:05.0263 0x1e84  UASPStor - ok
18:36:05.0268 0x1e84  UcmCx0101 - ok
18:36:05.0272 0x1e84  UcmUcsi - ok
18:36:05.0276 0x1e84  Ucx01000 - ok
18:36:05.0281 0x1e84  UdeCx - ok
18:36:05.0286 0x1e84  udfs - ok
18:36:05.0291 0x1e84  UEFI - ok
18:36:05.0295 0x1e84  Ufx01000 - ok
18:36:05.0299 0x1e84  UfxChipidea - ok
18:36:05.0304 0x1e84  ufxsynopsys - ok
18:36:05.0312 0x1e84  UI0Detect - ok
18:36:05.0317 0x1e84  uliagpkx - ok
18:36:05.0321 0x1e84  umbus - ok
18:36:05.0325 0x1e84  UmPass - ok
18:36:05.0329 0x1e84  UmRdpService - ok
18:36:05.0335 0x1e84  UnistoreSvc - ok
18:36:05.0362 0x1e84  upnphost - ok
18:36:05.0390 0x1e84  [ 4E93C8496359E97830C75AC36393654D, D0482257B019512D77484D92E4DEFEFE4FED53CB440ACB7AA879D6FD0574FA9A ] upperdev        C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64.sys
18:36:05.0410 0x1e84  upperdev - ok
18:36:05.0415 0x1e84  UrsChipidea - ok
18:36:05.0419 0x1e84  UrsCx01000 - ok
18:36:05.0423 0x1e84  UrsSynopsys - ok
18:36:05.0428 0x1e84  usbccgp - ok
18:36:05.0432 0x1e84  usbcir - ok
18:36:05.0436 0x1e84  usbehci - ok
18:36:05.0442 0x1e84  usbhub - ok
18:36:05.0447 0x1e84  USBHUB3 - ok
18:36:05.0451 0x1e84  usbohci - ok
18:36:05.0455 0x1e84  usbprint - ok
18:36:05.0465 0x1e84  [ D67B6A4A6FB99D29444C2DBA2B636799, 62BC778D60593B2AB0DA13C4DB3EA5971895AE09DA06E8AB2D03973C940C890C ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:36:05.0480 0x1e84  usbscan - ok
18:36:05.0484 0x1e84  usbser - ok
18:36:05.0506 0x1e84  [ 8844CB19A37B65E27049D4A7786726A9, 4D772174A320F02E2F87BDF8C6EBBFDE04C9763D3C21FE9557DE938521508A59 ] UsbserFilt      C:\WINDOWS\system32\DRIVERS\usbser_lowerfltjx64.sys
18:36:05.0527 0x1e84  UsbserFilt - ok
18:36:05.0531 0x1e84  USBSTOR - ok
18:36:05.0535 0x1e84  usbuhci - ok
18:36:05.0539 0x1e84  USBXHCI - ok
18:36:05.0544 0x1e84  UserDataSvc - ok
18:36:05.0557 0x1e84  UserManager - ok
18:36:05.0562 0x1e84  UsoSvc - ok
18:36:05.0565 0x1e84  VaultSvc - ok
18:36:05.0570 0x1e84  vdrvroot - ok
18:36:05.0575 0x1e84  vds - ok
18:36:05.0579 0x1e84  VerifierExt - ok
18:36:05.0584 0x1e84  vhdmp - ok
18:36:05.0588 0x1e84  vhf - ok
18:36:05.0593 0x1e84  vmbus - ok
18:36:05.0597 0x1e84  VMBusHID - ok
18:36:05.0621 0x1e84  vmicguestinterface - ok
18:36:05.0625 0x1e84  vmicheartbeat - ok
18:36:05.0629 0x1e84  vmickvpexchange - ok
18:36:05.0634 0x1e84  vmicrdv - ok
18:36:05.0638 0x1e84  vmicshutdown - ok
18:36:05.0642 0x1e84  vmictimesync - ok
18:36:05.0646 0x1e84  vmicvmsession - ok
18:36:05.0650 0x1e84  vmicvss - ok
18:36:05.0655 0x1e84  volmgr - ok
18:36:05.0659 0x1e84  volmgrx - ok
18:36:05.0663 0x1e84  volsnap - ok
18:36:05.0668 0x1e84  vpci - ok
18:36:05.0672 0x1e84  vsmraid - ok
18:36:05.0677 0x1e84  VSS - ok
18:36:05.0681 0x1e84  VSTXRAID - ok
18:36:05.0686 0x1e84  vwifibus - ok
18:36:05.0690 0x1e84  vwififlt - ok
18:36:05.0696 0x1e84  W32Time - ok
18:36:05.0745 0x1e84  w3logsvc - ok
18:36:05.0749 0x1e84  WacomPen - ok
18:36:05.0754 0x1e84  WalletService - ok
18:36:05.0758 0x1e84  wanarp - ok
18:36:05.0762 0x1e84  wanarpv6 - ok
18:36:05.0767 0x1e84  WAS - ok
18:36:05.0771 0x1e84  wbengine - ok
18:36:05.0776 0x1e84  WbioSrvc - ok
18:36:05.0787 0x1e84  Wcmsvc - ok
18:36:05.0791 0x1e84  wcncsvc - ok
18:36:05.0795 0x1e84  WcsPlugInService - ok
18:36:05.0818 0x1e84  WdBoot - ok
18:36:05.0822 0x1e84  Wdf01000 - ok
18:36:05.0827 0x1e84  WdFilter - ok
18:36:05.0832 0x1e84  WdiServiceHost - ok
18:36:05.0836 0x1e84  WdiSystemHost - ok
18:36:05.0841 0x1e84  wdiwifi - ok
18:36:05.0846 0x1e84  WdNisDrv - ok
18:36:05.0863 0x1e84  WdNisSvc - ok
18:36:05.0868 0x1e84  WebClient - ok
18:36:05.0872 0x1e84  Wecsvc - ok
18:36:05.0877 0x1e84  WEPHOSTSVC - ok
18:36:05.0881 0x1e84  wercplsupport - ok
18:36:05.0886 0x1e84  WerSvc - ok
18:36:05.0890 0x1e84  WFPLWFS - ok
18:36:05.0895 0x1e84  WiaRpc - ok
18:36:05.0900 0x1e84  WIMMount - ok
18:36:05.0904 0x1e84  WinDefend - ok
18:36:05.0914 0x1e84  WindowsTrustedRT - ok
18:36:05.0918 0x1e84  WindowsTrustedRTProxy - ok
18:36:05.0922 0x1e84  WinHttpAutoProxySvc - ok
18:36:05.0928 0x1e84  WinMad - ok
18:36:05.0953 0x1e84  Winmgmt - ok
18:36:05.0958 0x1e84  WinRM - ok
18:36:05.0967 0x1e84  WINUSB - ok
18:36:05.0971 0x1e84  WinVerbs - ok
18:36:05.0976 0x1e84  WlanSvc - ok
18:36:05.0980 0x1e84  wlidsvc - ok
18:36:05.0984 0x1e84  WmiAcpi - ok
18:36:05.0991 0x1e84  wmiApSrv - ok
18:36:05.0996 0x1e84  WMPNetworkSvc - ok
18:36:06.0007 0x1e84  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
18:36:06.0024 0x1e84  Wof - ok
18:36:06.0031 0x1e84  workfolderssvc - ok
18:36:06.0036 0x1e84  wpcfltr - ok
18:36:06.0041 0x1e84  WPDBusEnum - ok
18:36:06.0045 0x1e84  WpdUpFltr - ok
18:36:06.0049 0x1e84  WpnService - ok
18:36:06.0054 0x1e84  ws2ifsl - ok
18:36:06.0059 0x1e84  wscsvc - ok
18:36:06.0063 0x1e84  WSearch - ok
18:36:06.0070 0x1e84  WSService - ok
18:36:06.0082 0x1e84  wuauserv - ok
18:36:06.0086 0x1e84  WudfPf - ok
18:36:06.0091 0x1e84  WUDFRd - ok
18:36:06.0095 0x1e84  wudfsvc - ok
18:36:06.0100 0x1e84  WUDFWpdFs - ok
18:36:06.0105 0x1e84  WUDFWpdMtp - ok
18:36:06.0110 0x1e84  WwanSvc - ok
18:36:06.0114 0x1e84  XblAuthManager - ok
18:36:06.0119 0x1e84  XblGameSave - ok
18:36:06.0124 0x1e84  xboxgip - ok
18:36:06.0144 0x1e84  XboxNetApiSvc - ok
18:36:06.0150 0x1e84  xinputhid - ok
18:36:06.0153 0x1e84  ================ Scan global ===============================
18:36:06.0176 0x1e84  [ Global ] - ok
18:36:06.0177 0x1e84  ================ Scan MBR ==================================
18:36:06.0216 0x1e84  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:36:06.0298 0x1e84  \Device\Harddisk0\DR0 - ok
18:36:06.0307 0x1e84  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:36:06.0622 0x1e84  \Device\Harddisk1\DR1 - ok
18:36:06.0629 0x1e84  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
18:36:07.0068 0x1e84  \Device\Harddisk3\DR3 - ok
18:36:07.0069 0x1e84  ================ Scan VBR ==================================
18:36:07.0072 0x1e84  [ 376E633C7587F79F458060B1C368FAB2 ] \Device\Harddisk0\DR0\Partition1
18:36:07.0117 0x1e84  \Device\Harddisk0\DR0\Partition1 - ok
18:36:07.0136 0x1e84  [ B2C1A1CBC7605CDD520F5124BC8D3DD9 ] \Device\Harddisk0\DR0\Partition2
18:36:07.0198 0x1e84  \Device\Harddisk0\DR0\Partition2 - ok
18:36:07.0209 0x1e84  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
18:36:07.0210 0x1e84  \Device\Harddisk0\DR0\Partition3 - ok
18:36:07.0224 0x1e84  [ 00B01F33346403C41B8E61D345A1D345 ] \Device\Harddisk0\DR0\Partition4
18:36:07.0240 0x0264  Object send P2P result: true
18:36:07.0241 0x0264  Object required for P2P: [ 3CBE5047BB08BD363420D68364F9E829 ] AntiVirService
18:36:07.0283 0x1e84  \Device\Harddisk0\DR0\Partition4 - ok
18:36:07.0311 0x1e84  [ 1C49EACFA80D391DBE70A2B0F3ADCC7D ] \Device\Harddisk0\DR0\Partition5
18:36:07.0314 0x1e84  \Device\Harddisk0\DR0\Partition5 - ok
18:36:07.0327 0x1e84  [ BC70E874EB20C267009999F09C8D7145 ] \Device\Harddisk0\DR0\Partition6
18:36:07.0328 0x1e84  \Device\Harddisk0\DR0\Partition6 - ok
18:36:07.0343 0x1e84  [ 281D66DAD453D91353865A991D054281 ] \Device\Harddisk1\DR1\Partition1
18:36:07.0345 0x1e84  \Device\Harddisk1\DR1\Partition1 - ok
18:36:07.0351 0x1e84  [ 9553C1432C76C2A34DAA350BCCB3664C ] \Device\Harddisk3\DR3\Partition1
18:36:07.0398 0x1e84  \Device\Harddisk3\DR3\Partition1 - ok
18:36:07.0399 0x1e84  ================ Scan generic autorun ======================
18:36:07.0534 0x1e84  [ 25EB77F5D9382ED9D3F5C199CFCA8C3A, E26AE59650724481014C8F3253BA26B032F15A351EA93C340E9CBEBDF5361F21 ] C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
18:36:07.0602 0x1e84  SimplePass - ok
18:36:07.0613 0x1e84  [ CAD4EDFE6FB6EF55F0F106A68A062644, 566EBB7DA53A814FB310D29593F8AF386FD6D0B288058A4210D799454D4CC9EB ] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
18:36:07.0622 0x1e84  OPBHOBroker - ok
18:36:07.0628 0x1e84  [ A4F6EEE70B4F6F82E6EA72372B37BCCC, 375E2FB20D379B7DB32C76A42EE9F3A29CA3D356EA8016E041C69D31C167212F ] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
18:36:07.0637 0x1e84  OPBHOBrokerDesktop - ok
18:36:07.0690 0x1e84  [ 1489DDEF9CAE011AFE25F78268780ADA, EFE8ED200ED9615DAD6D6D545D384D645B5272A3E4BFAFF3CB78DF329AD56CDC ] C:\Program Files\IDT\WDM\sttray64.exe
18:36:07.0759 0x1e84  SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
18:36:10.0272 0x1e84  Detect skipped due to KSN trusted
18:36:10.0272 0x1e84  SysTrayApp - ok
18:36:10.0296 0x1e84  [ 96A1D93D16F959C6F5A63E749A9F2EF7, 9EDD4EEC5C625ECF4A1C82318ED6B74404E63A3D43312B53E4F627D76D47658C ] C:\Program Files\IDT\WDM\beats64.exe
18:36:10.0323 0x1e84  BeatsOSDApp - detected UnsignedFile.Multi.Generic ( 1 )
18:36:12.0842 0x1e84  Detect skipped due to KSN trusted
18:36:12.0842 0x1e84  BeatsOSDApp - ok
18:36:13.0005 0x1e84  [ 4C6AAABB264526A9C845A39AEBB79B69, B27F869E8B44CC5F1F9ADCA53AA848C16D706587ED9C7F995AE59BF9B0426523 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
18:36:13.0032 0x1e84  StartCCC - ok
18:36:13.0069 0x1e84  [ 5668994A6AE925189C7D7F03BFE19C66, 269146783422D06BE2BA5D358D22B03339C102D0D5970894625C9C03BFCCB773 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
18:36:13.0113 0x1e84  avgnt - ok
18:36:13.0152 0x1e84  [ 112067B1E0C808FD01AB4E4E1FF32E95, 9445BC48E49BB04750869E21AA2E55F2A8D4184B936CDA5B0C82323F1DAD4731 ] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
18:36:13.0169 0x1e84  DivXMediaServer - ok
18:36:13.0264 0x1e84  [ 16AFB34618E1286FF856DC600AC49C79, 431EC110507685A0F4472EAE35383B4C1E3DC0B56E01CDECFB18F753181DC995 ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
18:36:13.0311 0x1e84  DivXUpdate - ok
18:36:13.0401 0x1e84  [ 57C635C41750117D206C90DA9C599777, D5291ED79FC08217758FB526FC8CCC9D374B65B49446104D271C36B0C1298446 ] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
18:36:13.0480 0x1e84  BrMfcWnd - detected UnsignedFile.Multi.Generic ( 1 )
18:36:14.0751 0x0264  Object send P2P result: true
18:36:14.0752 0x0264  Object required for P2P: [ CAA9D66CA6D21AF0AE7DA01D5AC6CC2F ] AntiVirWebService
18:36:16.0096 0x1e84  BrMfcWnd ( UnsignedFile.Multi.Generic ) - warning
18:36:17.0170 0x0264  Object send P2P result: true
18:36:17.0171 0x0264  Object required for P2P: [ 4764D299855174D6B5C7DA853B490029 ] avipbb
18:36:18.0534 0x1e84  [ 4DE3EF07E0854547309C6B40235A9D44, F73D8E6D98583865D1C8DB728058D83C72A3908E21E04EF313FCB829C040A1EC ] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
18:36:18.0553 0x1e84  ControlCenter3 - detected UnsignedFile.Multi.Generic ( 1 )
18:36:19.0583 0x0264  Object send P2P result: true
18:36:19.0583 0x0264  Object required for P2P: [ E477AF94ACCCF99A0E56D71D450DCCCB ] avnetflt
18:36:21.0084 0x1e84  Detect skipped due to KSN trusted
18:36:21.0084 0x1e84  ControlCenter3 - ok
18:36:21.0232 0x1e84  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
18:36:21.0336 0x1e84  SDTray - ok
18:36:21.0391 0x1e84  OneDriveSetup - ok
18:36:21.0394 0x1e84  OneDriveSetup - ok
18:36:21.0460 0x1e84  [ 4170EF4E0FB4408F1BDBCBDB75656FD8, A3D600DA2CAB7F1C9121E7FEDAF89D30F6E6FBA237B361C1C67B37EEB85773B0 ] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
18:36:21.0497 0x1e84  Sony PC Companion - detected UnsignedFile.Multi.Generic ( 1 )
18:36:21.0998 0x0264  Object send P2P result: true
18:36:24.0020 0x1e84  Detect skipped due to KSN trusted
18:36:24.0020 0x1e84  Sony PC Companion - ok
18:36:24.0175 0x1e84  [ 9C87F68F116A84078BFAE07E2BADCBEF, 1B50EA6FF8E3CAF6277A7D2CBD1BDFA9E2B6F8CB1DBD914F42F752C813DD977A ] C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe
18:36:24.0286 0x1e84  AviraSpeedup - ok
18:36:24.0397 0x1e84  [ DC36DEA4261E179B7AB63160AD000AD1, EB5071B81E0076D67A7A71E64BED8F3300363832EA39282CD396A0FAB3D3CE84 ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
18:36:24.0436 0x1e84  GarminExpressTrayApp - ok
18:36:24.0591 0x1e84  [ 2010CA459E5EC8F9D5FC8B000D130294, 058FF215A3AAD04F2A4CF23B2CC62A5EA28F5A705EFA689DCE9126720CF33229 ] C:\Users\Sven\AppData\Local\Microsoft\OneDrive\OneDrive.exe
18:36:24.0618 0x1e84  OneDrive - ok
18:36:24.0676 0x1e84  [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
18:36:24.0715 0x1e84  SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
18:36:27.0234 0x1e84  SpybotPostWindows10UpgradeReInstall ( UnsignedFile.Multi.Generic ) - warning
18:36:27.0234 0x1e84  Force sending object to P2P due to detect: C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
18:36:29.0667 0x1e84  Object send P2P result: true
18:36:29.0921 0x1988  Object required for P2P: [ 2010CA459E5EC8F9D5FC8B000D130294 ] C:\Users\Sven\AppData\Local\Microsoft\OneDrive\OneDrive.exe
18:36:32.0013 0x1e84  Waiting for KSN requests completion. In queue: 1
18:36:32.0339 0x1988  Object send P2P result: true
18:36:33.0053 0x1e84  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.15.106 ), 0x41000 ( enabled : updated )
18:36:33.0071 0x1e84  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x60100 ( disabled : updated )
18:36:33.0078 0x1e84  Win FW state via NFP2: enabled ( trusted )
18:36:35.0419 0x1e84  ============================================================
18:36:35.0419 0x1e84  Scan finished
18:36:35.0419 0x1e84  ============================================================
18:36:35.0439 0x0d00  Detected object count: 2
18:36:35.0439 0x0d00  Actual detected object count: 2
18:38:24.0587 0x0d00  BrMfcWnd ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:24.0587 0x0d00  BrMfcWnd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:24.0589 0x0d00  SpybotPostWindows10UpgradeReInstall ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:24.0589 0x0d00  SpybotPostWindows10UpgradeReInstall ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
So, und hier der TDSSKiller nach dem Neustart
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
durchgeführt von Sven (Administrator) auf PCSASV (08-02-2016 18:45:23)
Gestartet von C:\Users\Sven\Downloads
Geladene Profile: Sven (Verfügbare Profile: Sven)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5395704 2014-11-24] (Avira)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1c8f6359-ea3a-4a45-89e9-c1bec74245c9}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei
Toolbar: HKLM-x32 - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\kw99fd1p.default
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-23] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3896469874-4053130608-2395046965-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [Datei ist nicht signiert]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [Datei ist nicht signiert]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2016-01-18] (Realsil Semiconductor Corporation)
U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [58536 2012-08-29] (Advanced Micro Devices)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-08 18:44 - 2016-02-08 18:44 - 00000000 ___HD C:\OneDriveTemp
2016-02-08 18:33 - 2016-02-08 18:42 - 00090344 _____ C:\TDSSKiller.3.1.0.9_08.02.2016_18.33.56_log.txt
2016-02-08 18:33 - 2016-02-08 18:33 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Sven\Downloads\tdsskiller.exe
2016-02-08 18:24 - 2016-02-08 18:24 - 00043776 _____ C:\Users\Sven\Downloads\Addition.txt
2016-02-08 18:23 - 2016-02-08 18:45 - 00017268 _____ C:\Users\Sven\Downloads\FRST.txt
2016-02-08 18:22 - 2016-02-08 18:45 - 00000000 ____D C:\FRST
2016-02-08 18:21 - 2016-02-08 18:22 - 02370560 _____ (Farbar) C:\Users\Sven\Downloads\FRST64.exe
2016-02-08 17:42 - 2016-02-08 17:42 - 00001993 _____ C:\Malwarebyte scan.txt
2016-02-08 17:29 - 2016-02-08 18:44 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-08 17:28 - 2016-02-08 17:28 - 00001182 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-02-08 17:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-08 17:28 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-08 17:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-08 17:27 - 2016-02-08 17:27 - 01466656 _____ C:\Users\Sven\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2016-02-07 21:23 - 2016-02-07 21:24 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033(1).exe
2016-02-07 20:08 - 2016-02-07 20:08 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-07 20:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-02-07 20:07 - 2016-02-07 21:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-07 20:07 - 2016-02-07 20:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-07 20:07 - 2016-02-07 20:07 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-07 20:07 - 2016-02-07 20:07 - 00001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-02-07 20:07 - 2016-02-07 20:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-02-07 20:07 - 2016-02-07 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-07 20:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-02-07 20:05 - 2016-02-07 20:06 - 01466656 _____ C:\Users\Sven\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2016-02-07 19:52 - 2016-02-07 19:53 - 00246532 _____ C:\WINDOWS\Minidump\020716-31531-01.dmp
2016-02-07 19:52 - 2016-02-07 19:52 - 976396273 _____ C:\WINDOWS\MEMORY.DMP
2016-02-07 19:52 - 2016-02-07 19:52 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-07 19:39 - 2016-02-07 21:26 - 00000000 ____D C:\AdwCleaner
2016-02-07 19:38 - 2016-02-07 19:39 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033.exe
2016-02-07 18:56 - 2016-02-07 18:57 - 00464924 _____ C:\Users\Sven\Downloads\JavaRa.def
2016-02-07 18:56 - 2016-02-07 18:56 - 00002250 _____ C:\Users\Sven\Desktop\JavaRa - CHIP Downloader.lnk
2016-02-07 18:54 - 2016-02-07 18:54 - 00184620 _____ C:\Users\Sven\Downloads\JavaRa-2.6.1.zip
2016-02-07 18:53 - 2016-02-07 18:53 - 01466656 _____ C:\Users\Sven\Downloads\JavaRa - CHIP-Installer.exe
2016-02-04 17:46 - 2015-09-22 09:46 - 00072286 _____ C:\Users\Sven\Downloads\WT_2015_Bewertungsbogen.pdf
2016-02-04 17:46 - 2015-06-24 11:48 - 03664019 _____ C:\Users\Sven\Downloads\WT_2015_Folien.pdf
2016-02-04 17:45 - 2015-09-22 09:30 - 00179339 _____ C:\Users\Sven\Downloads\WT 2015_Termine.pdf
2016-02-04 17:45 - 2015-09-22 09:23 - 00177113 _____ C:\Users\Sven\Downloads\WT 2015_Anschreiben Jugendwarte.pdf
2016-02-04 17:45 - 2015-06-24 11:46 - 01306973 _____ C:\Users\Sven\Downloads\WT_2015_Beihefter.pdf
2016-01-28 20:29 - 2016-01-28 20:29 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-01-28 20:27 - 2016-01-16 07:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 20:27 - 2016-01-16 07:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 20:27 - 2016-01-16 07:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 20:27 - 2016-01-16 07:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 20:27 - 2016-01-16 07:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-28 20:27 - 2016-01-16 07:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 20:27 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 20:27 - 2016-01-16 07:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-28 20:27 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 20:27 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 20:27 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 20:27 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 20:27 - 2016-01-16 07:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-28 20:27 - 2016-01-16 07:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-28 20:27 - 2016-01-16 07:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-28 20:27 - 2016-01-16 07:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-28 20:27 - 2016-01-16 07:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 20:27 - 2016-01-16 07:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 20:27 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 20:27 - 2016-01-16 07:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 20:27 - 2016-01-16 06:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 20:27 - 2016-01-16 06:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-28 20:27 - 2016-01-16 06:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-28 20:27 - 2016-01-16 06:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 20:27 - 2016-01-16 06:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 20:27 - 2016-01-16 06:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 20:27 - 2016-01-16 06:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 20:27 - 2016-01-16 06:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 20:27 - 2016-01-16 06:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 20:27 - 2016-01-16 06:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 20:27 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 20:27 - 2016-01-16 06:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 20:27 - 2016-01-16 06:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 20:27 - 2016-01-16 06:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-28 20:27 - 2016-01-16 06:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 20:27 - 2016-01-16 06:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 20:27 - 2016-01-16 06:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 20:27 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 20:27 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 20:27 - 2016-01-16 06:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-28 20:27 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 20:27 - 2016-01-16 06:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 20:27 - 2016-01-16 06:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 20:27 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 20:27 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 20:27 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 20:27 - 2016-01-16 06:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-28 20:27 - 2016-01-16 06:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 20:27 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 20:27 - 2016-01-16 06:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 20:27 - 2016-01-16 06:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 20:27 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 20:27 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 20:27 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 20:27 - 2016-01-16 06:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 20:27 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 20:27 - 2016-01-05 03:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-28 20:27 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-28 20:27 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-28 20:27 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-28 20:27 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-28 20:27 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-28 20:27 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-28 20:27 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-28 20:27 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-28 20:27 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-28 20:27 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-28 20:27 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-28 20:27 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-28 20:27 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-28 20:27 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-28 20:27 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-28 20:27 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-28 20:27 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-28 20:27 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-28 20:27 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-28 20:27 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-28 20:27 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-28 20:27 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-28 20:27 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-28 20:27 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-28 20:27 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-28 20:27 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-28 20:27 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-28 20:27 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-28 20:27 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-28 20:27 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-28 20:27 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-28 20:27 - 2016-01-05 02:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-28 20:27 - 2016-01-05 02:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-28 20:27 - 2016-01-05 02:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-28 20:27 - 2016-01-05 02:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-28 20:27 - 2016-01-05 02:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-28 20:26 - 2016-01-16 07:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 20:26 - 2016-01-16 07:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 20:26 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 20:26 - 2016-01-16 06:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 20:26 - 2016-01-16 06:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 20:26 - 2016-01-16 06:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 20:26 - 2016-01-16 06:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 20:26 - 2016-01-16 06:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 20:26 - 2016-01-16 06:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 20:26 - 2016-01-16 06:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 20:26 - 2016-01-16 06:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 20:26 - 2016-01-16 06:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 20:26 - 2016-01-16 06:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 20:26 - 2016-01-16 06:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 20:26 - 2016-01-16 06:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 20:26 - 2016-01-16 06:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 20:26 - 2016-01-16 06:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 20:26 - 2016-01-16 06:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 20:26 - 2016-01-16 06:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 20:26 - 2016-01-16 06:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 20:26 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 20:26 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 20:26 - 2016-01-16 06:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 20:26 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 20:26 - 2016-01-16 06:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 20:26 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 20:26 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 20:26 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 20:26 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 20:26 - 2016-01-16 06:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 20:26 - 2016-01-16 06:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 20:26 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 20:26 - 2016-01-16 06:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 20:26 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 20:26 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 20:26 - 2016-01-16 06:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-28 20:26 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 20:26 - 2016-01-16 06:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-28 20:26 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-28 20:26 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-28 20:26 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-28 20:26 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-28 20:26 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-28 20:26 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-28 20:26 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-28 20:26 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-28 20:26 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-28 20:26 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-28 20:26 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-28 20:26 - 2016-01-05 02:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-28 20:26 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-28 20:26 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-28 20:26 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-28 20:26 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-28 20:26 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-28 20:26 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-27 20:43 - 2016-01-31 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-23 16:25 - 2016-01-23 16:25 - 00003860 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-23 16:24 - 2016-02-08 17:17 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-19 06:18 - 2016-01-19 06:18 - 00023098 _____ C:\Users\Sven\Downloads\LbsGeschichte.odt
2016-01-18 16:01 - 2016-01-18 16:01 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-01-18 16:01 - 2016-01-18 16:00 - 09890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2016-01-18 16:01 - 2016-01-18 16:00 - 00402136 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2016-01-18 16:01 - 2016-01-18 16:00 - 00083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-08 18:44 - 2014-03-01 12:51 - 00000000 __RDO C:\Users\Sven\SkyDrive
2016-02-08 18:43 - 2015-12-16 13:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-08 18:43 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-08 18:28 - 2015-12-16 13:05 - 02003182 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-08 18:28 - 2015-10-30 19:35 - 00852510 _____ C:\WINDOWS\system32\perfh007.dat
2016-02-08 18:28 - 2015-10-30 19:35 - 00187736 _____ C:\WINDOWS\system32\perfc007.dat
2016-02-08 18:28 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-08 17:43 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-08 15:23 - 2014-03-14 08:53 - 00003608 _____ C:\WINDOWS\System32\Tasks\FileAdvisorCheck
2016-02-08 15:23 - 2014-03-14 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2016-02-08 15:23 - 2014-03-14 08:53 - 00000000 ____D C:\Program Files (x86)\File Type Advisor
2016-02-08 14:08 - 2014-03-01 13:00 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7B440A6-BB0D-44B9-BB3E-0513485A3D83}
2016-02-07 21:28 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-07 19:00 - 2014-03-22 08:53 - 00000000 ____D C:\Users\Sven\AppData\Roaming\FileAdvisor
2016-02-06 18:44 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-05 13:36 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-05 12:38 - 2015-12-27 18:42 - 00003230 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSven
2016-02-05 12:38 - 2015-12-27 18:42 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSven.job
2016-02-05 11:34 - 2014-06-10 19:14 - 00000000 ____D C:\Users\Sven\Documents\Feuerwehrverein
2016-02-05 11:26 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-02 20:10 - 2014-10-12 15:12 - 00000000 ____D C:\Users\Sven\AppData\Roaming\vlc
2016-02-02 15:49 - 2015-12-16 13:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 15:48 - 2015-05-13 06:56 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-02-02 15:48 - 2015-05-13 06:56 - 00001970 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-02-02 15:48 - 2015-05-13 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-02-02 15:48 - 2015-05-13 06:56 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-01-31 15:06 - 2014-03-01 14:57 - 00000000 ____D C:\Users\Sven\AppData\Roaming\XnView
2016-01-31 13:18 - 2014-03-01 12:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-31 13:17 - 2014-03-01 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-30 18:04 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-29 15:44 - 2014-03-03 14:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-28 20:31 - 2014-03-03 14:47 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-23 16:25 - 2014-03-01 18:31 - 00000000 ____D C:\Users\Sven\AppData\Local\Adobe
2016-01-18 16:01 - 2014-02-05 07:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-01-18 16:00 - 2013-09-03 05:57 - 00000000 ____D C:\SWSETUP
2016-01-15 13:44 - 2016-01-01 13:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-15 13:44 - 2014-12-26 16:21 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-04 12:55 - 2014-10-11 14:58 - 0005120 _____ () C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-03 12:33 - 2014-05-03 12:33 - 0009046 _____ () C:\Users\Sven\AppData\Local\recently-used.xbel
2014-03-14 09:02 - 2014-03-14 09:02 - 0001534 _____ () C:\ProgramData\ss.ini

Einige Dateien in TEMP:
====================
C:\Users\Sven\AppData\Local\Temp\avgnt.exe
C:\Users\Sven\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-01-30 18:01

==================== Ende von FRST.txt ============================
         

Alt 09.02.2016, 10:39   #5
M-K-D-B
/// TB-Ausbilder
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Servus,



Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :regfind
    AskPartnerNetwork
    FreeRIP
    OpenCandy
    conduit
    ApnTBMon
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von SystemLook,
  • die beiden neuen Logdateien von FRST.


Alt 09.02.2016, 21:15   #6
SvenFeuer
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Ok, vielen Dank schon mal! Und los geht´s, der ADWCleaner:
Code:
ATTFilter
# AdwCleaner v5.033 - Bericht erstellt am 09/02/2016 um 19:39:59
# Aktualisiert am 07/02/2016 von Xplode
# Datenbank : 2016-02-07.2 [Server]
# Betriebssystem : Windows 10 Home  (x64)
# Benutzername : Sven - PCSASV
# Gestartet von : C:\Users\Sven\Downloads\adwcleaner_5.033(2).exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\OCS

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [978 Bytes] ##########
         
So, die mbam.txt. Rechner wurde runter gefahren! Allerdings durch Stromausfall! Shit...
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 09.02.2016
Suchlaufzeit: 19:45
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2016.02.09.03
Rootkit-Datenbank: v2016.02.08.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Sven

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 371631
Abgelaufene Zeit: 8 Min., 48 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
SystemLook:
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 20:36 on 09/02/2016 by Sven
Administrator - Elevation successful

========== regfind ==========

Searching for "AskPartnerNetwork"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\25946514D214736534007A857BC06200\SourceList\Net]
"2"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\Updater\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AskPartnerNetwork\Toolbar\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AskPartnerNetwork\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\127.27\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\AVIRA-V7C\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\189F6D048E923EA48B11D15B30CDAC81]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22A78C977EC431247B2ECECC374DFE13]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar_x64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\235CDDD4FAA2BCE4C9E578A53866F91E]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\tbnhlpr_x64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB4748E4]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\timeinstalled_ie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB4748E6]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\timeinstalled"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB477508]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\lastInstallOperation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB478757]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\Reporting_URL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB47877E]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\ProductVersion"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB47C77A]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\productguid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB47F670]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB67CA07]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Macro\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850ABC7977A]
"25946514D214736534007A857BC06200"="C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\127.27\Toolbar.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000C7608779646]
"25946514D214736534007A857BC06200"="22:\SOFTWARE\AskPartnerNetwork\Toolbar\ComStorage\{41564952-412D-5637-4300-7A786E7484D7}\PartnerName"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000C760877A6E5]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\ComStorage\{41564952-412D-5637-4300-7A786E7484D7}\PartnerName"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000C760877D47A]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\ComStorage\{41564952-412D-5637-4300-7A786E7484D7}\PartnerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000C7678479D46]
"25946514D214736534007A857BC06200"="22:\SOFTWARE\AskPartnerNetwork\Toolbar\ComStorage\{41564952-412D-5637-4300-7A786E7484D7}\PartnerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000CF64469657A]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\AVIRA-V7C\config.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534007777D8556974]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534007A8684D4677A]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\Updater\AVIRA-V7C\Macro\apnuguid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534007B7987A75C7A]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\Browsers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D21473653400A75C6CAD4777]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\PackageService\Register\ApnSetupV6\AVIRA-V7C\CmdArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D21473653400A75CE8770476]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\PackageService\Register\ApnSetupV6\AVIRA-V7C\Version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D21473653400A77767875D75]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D21473653400B8640FD798E7]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\ProductType"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D21473653400B8640FE47477]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\hpr_ie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D21473653400B8640FE4A77A]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\sa_ie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\661134B612233374391C95E8AC373BA3]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8886246FCDD217E41B94C055E504F1FA]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A08449608E3Ca1f4ABF236256A256754]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A431C8F3F57D7844B89242F5F7A5F62C]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B448F401EF39C8346BF7BE9B8D1C7060]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D538E650623CB2C43AD5FBF587227D55]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll"

Searching for "FreeRIP"
No data found.

Searching for "OpenCandy"
No data found.

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT161___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC-Medium (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT166___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC-Bold (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT171___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC-Black (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT181___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT161___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC-Medium (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT166___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC-Bold (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT171___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC-Black (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT181___.otf"

Searching for "ApnTBMon"
No data found.

Searching for "         "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
          <p>Konvertiere Filmmaterial ganz einfach in DivX-Videos, um sie auf mehr als 1 Milliarde DivX-Geräten wiederzugeben.</p>
          <ul>
              <li>Erstelle DivX-Videos in hoher Qualität, z. B. DivX HEVC-Videos mit einer Auflösung von bis zu 4K</li>
              <li>Passe Deine Codierung mit AviSynth-Unterstützung individuell an</li>
              <li>Drehe, kombiniere und füge Untertitel und Audio zu Deinen Videos hinzu</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"="
          <p>Hochwertige Wiedergabe von DivX, DivX Plus HD und DivX HEVC-Video bis zu 4K</p>
          <ul>
              <li>Optimiert für die Wiedergabe der beliebtesten Videoformate im Internet</li>
              <li>DivX Media Server streamt MKV zur PS3, Xbox und anderen Geräten</li>
              <li>Experimenteller DLNA-Controller für die Wiedergabe von DivX-Videos auf lokalen Geräten</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"="
        <p>Spiele, erstelle und streame DivX-Videos in hoher Qualität, z. B. HEVC* mit einer Auflösung von bis zu 4K. Das beste DivX Video-Erlebnis erhältst Du, <i>wenn Du alle Komponenten installierst.</i></p>
		<!-- Leave the 1st <p> tag line, because it is used on other installer page. -->
		<p>Eine neue Version von DivX (10.2.3) ist verfügbar. Hierist eine vollständige Liste mit allen <a href="hxxp://go.divx.com/WhatsNew/de" target="_blank">Neuerungen</a>:</p>
          <ul>
            <li>Player unterstützt externe SAMI (.SMI)-Untertitel</li>
            <li>Player kann zwei Untertitel gleichzeitig anzeigen</li>
			<li>Problem mit auf dem Kopf stehenden Bildern, welches bei der Wiedergabe auf einigen Geräten bestand, wurde behoben</li>
            <li>Problem mit langen Ladezeiten für HEVC-Videos mit DTS-Audio wurde behoben</li>
            <li>Keine Probleme mehr bei der Unterstützung von mit FFMPEG erste
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\SharedLibraries]
"Description"="
          <ul>
              <li>Das DivX VOD-Plug-in sorgt für besseres Erlebnis für Kunden, die Filme von DivX VOD - Shops beziehen.</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
          <p>Effizientes, reibungsloses MKV-Streaming in Deinem Browser</p>
          <ul>
            <li>Adaptives Bitrate-Streaming mit experimenteller Unterstützung für DivX HEVC*-Streams</li>
            <li>Problemlose Wiedergabe des FF/RW-Formats, Abschnittsmarkierungen, Unterstützung mehrerer Untertitel und Tonspuren</li>
            <li>Weniger CPU- und Akkuverbrauch mit H.264-DXVA-Hardwarebeschleunigung</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="5.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>               
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell.workflow" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" UseSharedProcess="true" ProcessIdleTimeoutSec="1209600" RunAsUser="" RunAsPassword="" AutoRestart="false"     Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="5.0"/>                     <Param Name="AssemblyName" Value="Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/>                     <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration"/>                     <Param Name="SessionConfigurationData"                          Value="                       
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Architecture="32" Enabled="true" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="5.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>     
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_&Prod_&Rev_8.07#13091353000096&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_&Prod_&Rev_8.07#13091353000096&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}]
"DeviceDesc"="                "

-= EOF =-
         
SystemLook:
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 20:36 on 09/02/2016 by Sven
Administrator - Elevation successful

========== regfind ==========

Searching for "AskPartnerNetwork"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\25946514D214736534007A857BC06200\SourceList\Net]
"2"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\Updater\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AskPartnerNetwork\Toolbar\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AskPartnerNetwork\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\127.27\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\AVIRA-V7C\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\189F6D048E923EA48B11D15B30CDAC81]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22A78C977EC431247B2ECECC374DFE13]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar_x64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\235CDDD4FAA2BCE4C9E578A53866F91E]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\tbnhlpr_x64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB4748E4]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\timeinstalled_ie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB4748E6]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\timeinstalled"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB477508]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\lastInstallOperation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB478757]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\Reporting_URL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB47877E]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\ProductVersion"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB47C77A]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\productguid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB47F670]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850AB67CA07]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Macro\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000850ABC7977A]
"25946514D214736534007A857BC06200"="C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\127.27\Toolbar.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000C7608779646]
"25946514D214736534007A857BC06200"="22:\SOFTWARE\AskPartnerNetwork\Toolbar\ComStorage\{41564952-412D-5637-4300-7A786E7484D7}\PartnerName"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000C760877A6E5]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\ComStorage\{41564952-412D-5637-4300-7A786E7484D7}\PartnerName"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000C760877D47A]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\ComStorage\{41564952-412D-5637-4300-7A786E7484D7}\PartnerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000C7678479D46]
"25946514D214736534007A857BC06200"="22:\SOFTWARE\AskPartnerNetwork\Toolbar\ComStorage\{41564952-412D-5637-4300-7A786E7484D7}\PartnerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534000CF64469657A]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\AVIRA-V7C\config.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534007777D8556974]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534007A8684D4677A]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\Updater\AVIRA-V7C\Macro\apnuguid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D214736534007B7987A75C7A]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\Browsers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D21473653400A75C6CAD4777]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\PackageService\Register\ApnSetupV6\AVIRA-V7C\CmdArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D21473653400A75CE8770476]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\PackageService\Register\ApnSetupV6\AVIRA-V7C\Version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D21473653400A77767875D75]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D21473653400B8640FD798E7]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\ProductType"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D21473653400B8640FE47477]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\hpr_ie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25946514D21473653400B8640FE4A77A]
"25946514D214736534007A857BC06200"="02:\SOFTWARE\AskPartnerNetwork\Toolbar\AVIRA-V7C\Info\sa_ie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\661134B612233374391C95E8AC373BA3]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8886246FCDD217E41B94C055E504F1FA]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A08449608E3Ca1f4ABF236256A256754]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A431C8F3F57D7844B89242F5F7A5F62C]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B448F401EF39C8346BF7BE9B8D1C7060]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D538E650623CB2C43AD5FBF587227D55]
"25946514D214736534007A857BC06200"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll"

Searching for "FreeRIP"
No data found.

Searching for "OpenCandy"
No data found.

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT161___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC-Medium (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT166___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC-Bold (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT171___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC-Black (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT181___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT161___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC-Medium (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT166___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC-Bold (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT171___.otf"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Fonts]
"ConduitITC-Black (OpenType)"="C:\Program Files (x86)\Xider\EsR\Fonts\IT181___.otf"

Searching for "ApnTBMon"
No data found.

Searching for "         "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
          <p>Konvertiere Filmmaterial ganz einfach in DivX-Videos, um sie auf mehr als 1 Milliarde DivX-Geräten wiederzugeben.</p>
          <ul>
              <li>Erstelle DivX-Videos in hoher Qualität, z. B. DivX HEVC-Videos mit einer Auflösung von bis zu 4K</li>
              <li>Passe Deine Codierung mit AviSynth-Unterstützung individuell an</li>
              <li>Drehe, kombiniere und füge Untertitel und Audio zu Deinen Videos hinzu</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"="
          <p>Hochwertige Wiedergabe von DivX, DivX Plus HD und DivX HEVC-Video bis zu 4K</p>
          <ul>
              <li>Optimiert für die Wiedergabe der beliebtesten Videoformate im Internet</li>
              <li>DivX Media Server streamt MKV zur PS3, Xbox und anderen Geräten</li>
              <li>Experimenteller DLNA-Controller für die Wiedergabe von DivX-Videos auf lokalen Geräten</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"="
        <p>Spiele, erstelle und streame DivX-Videos in hoher Qualität, z. B. HEVC* mit einer Auflösung von bis zu 4K. Das beste DivX Video-Erlebnis erhältst Du, <i>wenn Du alle Komponenten installierst.</i></p>
		<!-- Leave the 1st <p> tag line, because it is used on other installer page. -->
		<p>Eine neue Version von DivX (10.2.3) ist verfügbar. Hierist eine vollständige Liste mit allen <a href="hxxp://go.divx.com/WhatsNew/de" target="_blank">Neuerungen</a>:</p>
          <ul>
            <li>Player unterstützt externe SAMI (.SMI)-Untertitel</li>
            <li>Player kann zwei Untertitel gleichzeitig anzeigen</li>
			<li>Problem mit auf dem Kopf stehenden Bildern, welches bei der Wiedergabe auf einigen Geräten bestand, wurde behoben</li>
            <li>Problem mit langen Ladezeiten für HEVC-Videos mit DTS-Audio wurde behoben</li>
            <li>Keine Probleme mehr bei der Unterstützung von mit FFMPEG erste
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\SharedLibraries]
"Description"="
          <ul>
              <li>Das DivX VOD-Plug-in sorgt für besseres Erlebnis für Kunden, die Filme von DivX VOD - Shops beziehen.</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
          <p>Effizientes, reibungsloses MKV-Streaming in Deinem Browser</p>
          <ul>
            <li>Adaptives Bitrate-Streaming mit experimenteller Unterstützung für DivX HEVC*-Streams</li>
            <li>Problemlose Wiedergabe des FF/RW-Formats, Abschnittsmarkierungen, Unterstützung mehrerer Untertitel und Tonspuren</li>
            <li>Weniger CPU- und Akkuverbrauch mit H.264-DXVA-Hardwarebeschleunigung</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="5.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>               
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell.workflow" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" UseSharedProcess="true" ProcessIdleTimeoutSec="1209600" RunAsUser="" RunAsPassword="" AutoRestart="false"     Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="5.0"/>                     <Param Name="AssemblyName" Value="Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/>                     <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration"/>                     <Param Name="SessionConfigurationData"                          Value="                       
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Architecture="32" Enabled="true" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="5.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>     
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_&Prod_&Rev_8.07#13091353000096&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_&Prod_&Rev_8.07#13091353000096&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}]
"DeviceDesc"="                "

-= EOF =-
         

Alt 10.02.2016, 10:24   #7
M-K-D-B
/// TB-Ausbilder
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Servus,


du hast zweimal die Logdatei von SystemLook gepostet.

Es fehlen noch die beiden Logdateien von FRST (FRST.txt und Addition.txt).

Alt 10.02.2016, 16:34   #8
SvenFeuer
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Ja, sorry. Nach dem 3. Stromausfall gestern abend war ich dann etwas nervös. Und als der Rechner das 4. mal aus ging, hatte ich entgültig die Nase voll! Aber jetzt:
Addition
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-02-2016
durchgeführt von Sven (2016-02-10 16:23:15)
Gestartet von C:\Users\Sven\Downloads
Windows 10 Home (X64) (2015-12-16 12:56:03)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3896469874-4053130608-2395046965-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3896469874-4053130608-2395046965-503 - Limited - Disabled)
Gast (S-1-5-21-3896469874-4053130608-2395046965-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3896469874-4053130608-2395046965-1003 - Limited - Enabled)
Sven (S-1-5-21-3896469874-4053130608-2395046965-1001 - Administrator - Enabled) => C:\Users\Sven

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{DCDB976F-A83A-BFFB-59A1-B742F8300486}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Crystal Reports XI Runtime Library (HKLM-x32\...\{C87EF9DB-603B-4EC2-8539-7575770AD5A8}) (Version: 3.1.2 - MP-SOFT-4-U)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.80 - DivX, LLC)
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
EsR 1.0 (HKLM-x32\...\EsR) (Version: 1.0 - bhv Software GmbH & Co. KG)
File Type Advisor 1.2 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{1CBCA994-0290-49AD-98D3-9013A0F102E6}) (Version: 2.9.406 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.16.103.12020 (HKLM-x32\...\{C38180CE-9165-E800-FAD3-F1AC427836B9}) (Version: 2.16.103.12020 - Sony)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 de)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
MP-FEUER 2014 - Jugend (HKLM-x32\...\{D5ECEF53-157F-4B55-A774-162B399E3536}) (Version: 3.6.1 - MP-SOFT-4-U)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steuersparer 2014 (HKLM-x32\...\{485DBEA2-58E9-4136-9E6C-6C3022B02349}) (Version: 21.00.8480 - Buhl Data Service GmbH)
tax 2015 (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.02.8861 - Buhl Data Service GmbH)
tax 2016 (HKLM-x32\...\{30E85B0C-57D8-4ECE-814B-264550A92FAB}) (Version: 23.00.1146 - Buhl Data Service GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sven\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {019CBC89-1D8E-46D3-931C-A2C5FAFD864C} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-08-14] (filetypeadvisor.com                                         )
Task: {09457ED8-88E5-4448-8D3A-7FE99E5939DD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {0E585D37-9C39-46EA-A58E-E67BC39945C4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {152CDF23-8A87-48F4-94DF-562C47309197} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-09] (Avira Operations GmbH & Co. KG)
Task: {1A852541-1C78-4FF9-8562-EEA33D432BB7} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-08-14] (File Type Advisor)
Task: {27710FE8-04B5-47DD-B72A-DD4E56F1BDB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {27E0E55C-10EB-45F2-8FED-B0C7505A34C3} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {3F19281D-6B48-4C11-99AD-EE0AF77A5C6B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {413A63F3-CA1E-4B85-B830-CED4EEC12ED5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {48F16A4A-FAF6-460B-BF25-D422CCE1BC60} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4E43793B-3DF9-43D8-8EA5-9BBF8685E350} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {50155064-DECD-4647-9639-5DF0D5AB2C0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {5349EBD4-97C6-4807-BCAB-C402926FCCC7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {5476C563-D9BC-4EDC-BA41-A8BE19954FD8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {5D51C8A0-5EC0-41BD-A906-3162722FA1C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {6211D070-99E0-4DED-A13F-52493BD719CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {6388BAFC-0150-4432-BDF7-8B261E97E9C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {6CBC2F47-C9B0-4040-A82E-CBEE47851BEA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {6E893CB8-7034-4B13-A5DF-0A3FF7EB5D9C} - System32\Tasks\HPCeeScheduleForSven => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {777F3E62-A613-4228-8C9B-C3E9C638E371} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {7E4E7FF3-E523-4AB8-91A1-6E863A7E8178} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7EC75E1F-EEFA-40A1-B4D2-038724FE2F67} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {7EED3EF5-0E3B-4F27-801D-655D45628A3A} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {9BC28C3C-3161-4095-A131-C9ACF14681EB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {ACF97461-4287-42AC-8A1C-DA4EC345EFB9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {BF0D8677-DDF7-48F9-B3E6-48691E3E7553} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
Task: {CEF75FE3-A0F3-4099-8E75-D1F1B31C0185} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-09] (Microsoft Corporation)
Task: {DBED7EAD-2721-4E36-A73F-4A511FD36546} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {ED20387E-4EEC-4A2B-B131-A70898FCC4BC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSven.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-09-05 12:24 - 2013-09-05 12:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-05 12:21 - 2013-09-05 12:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-05 12:21 - 2013-09-05 12:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-05 12:21 - 2013-09-05 12:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-05 12:36 - 2013-09-05 12:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-05 12:36 - 2013-09-05 12:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-05 12:22 - 2013-09-05 12:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-05 12:24 - 2013-09-05 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-16 12:53 - 2015-12-16 12:53 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-16 12:53 - 2015-12-16 12:53 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-28 20:27 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 12:57 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 12:57 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-28 20:27 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-28 20:27 - 2016-01-05 02:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-28 20:27 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 20:27 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-09-05 12:31 - 2013-09-05 12:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2016-01-22 12:17 - 2016-01-22 12:17 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-07 20:07 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-07 20:07 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-07 20:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-07 20:07 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-07 20:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-02-05 07:02 - 2013-08-05 08:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-06 00:48 - 2013-08-06 00:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-01-22 12:17 - 2016-01-22 12:17 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 12:17 - 2016-01-22 12:17 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sven\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\rs3267_2014zrteam297bluepresse.jpg
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sven\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\rs3267_2014zrteam297bluepresse.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\StartupApproved\Run: => "Sony PC Companion"
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Sony PC Companion"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{02AD2C58-092B-4DFD-B1B0-E4FCEB82C374}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E83930C-6F68-40A1-8997-92DBA568B38F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{F4BFFE7C-0A7C-46A0-9294-E8C474452702}C:\program files (x86)\xider\esr\game.exe] => (Allow) C:\program files (x86)\xider\esr\game.exe
FirewallRules: [TCP Query User{98A1FDCD-CF24-4720-9F79-076FD617A201}C:\program files (x86)\xider\esr\game.exe] => (Allow) C:\program files (x86)\xider\esr\game.exe
FirewallRules: [{CF98AF81-AF0F-416D-934A-BF7450165545}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C4817AD-98BE-4D11-8999-FD0000761E4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2BCFC008-9902-467C-8420-2165A6FBBA22}] => (Allow) LPort=1900
FirewallRules: [{1DB9A553-C6A2-4FEE-B78A-90278036CF44}] => (Allow) LPort=2869
FirewallRules: [{482499AD-7FE3-4135-8514-013A8160D7A9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{453E056A-4726-43DF-ABC4-6A4AA631C8B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD8835D1-973E-49FC-B6DD-4B342599466A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB1185B0-31B7-4B56-BF59-6BE1F5DB9E2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{81EF1E91-0F55-4CEE-B7BA-230979FEDB47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{569C8DDD-2DB0-415E-A842-5563AA6281EF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{CA14A7EB-BA25-469B-8251-5208C87AC061}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{49FA6AA0-7C84-4359-A4C9-59E94B61E5C9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{30599DBD-7D5D-457E-A3D5-3035932D89F1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{63DB04AA-0E95-4681-BC31-3F830D09D4ED}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{88CD4720-0781-438F-81B3-5C00CB4AF90E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{B7654C57-EB09-4B44-85F7-DCC0671D99FD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{CDFB26C4-9CDB-48EA-86D5-DDD8DC01427A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6CA10F33-0A06-44BD-B896-D59EF4CF9837}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{F9150134-08C6-4B61-8B02-40718027197E}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8F5A0E16-51D6-48E6-AD6A-F939AC46F01C}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

07-02-2016 19:01:25 Removed Java 8 Update 45

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: AMD Radeon HD 7660D
Description: AMD Radeon HD 7660D
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: AMD Radeon HD 7660D + R7 240 Dual Graphics
Description: AMD Radeon HD 7660D + R7 240 Dual Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/10/2016 04:17:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0e3f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.103, Zeitstempel: 0x56a8489c
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f08
ID des fehlerhaften Prozesses: 0x3c8
Startzeit der fehlerhaften Anwendung: 0xMOM.exe0
Pfad der fehlerhaften Anwendung: MOM.exe1
Pfad des fehlerhaften Moduls: MOM.exe2
Berichtskennung: MOM.exe3
Vollständiger Name des fehlerhaften Pakets: MOM.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MOM.exe5

Error: (02/10/2016 04:17:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOM.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
   bei ATI.ACE.MOM.Implementation.MOM.Main(System.String[])

Ausnahmeinformationen: System.Reflection.TargetInvocationException
   bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
   bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[])
   bei System.Type.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[])
   bei ATI.ACE.MOM.EXE.MOM.Main(System.String[])

Error: (02/10/2016 02:47:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x563a76a9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x563a76a9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000425c6
ID des fehlerhaften Prozesses: 0x1640
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Vollständiger Name des fehlerhaften Pakets: atieclxx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: atieclxx.exe5

Error: (02/10/2016 01:58:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0e3f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.103, Zeitstempel: 0x56a8489c
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f08
ID des fehlerhaften Prozesses: 0x1d1c
Startzeit der fehlerhaften Anwendung: 0xMOM.exe0
Pfad der fehlerhaften Anwendung: MOM.exe1
Pfad des fehlerhaften Moduls: MOM.exe2
Berichtskennung: MOM.exe3
Vollständiger Name des fehlerhaften Pakets: MOM.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MOM.exe5

Error: (02/10/2016 01:58:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOM.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
   bei ATI.ACE.MOM.Implementation.MOM.Main(System.String[])

Ausnahmeinformationen: System.Reflection.TargetInvocationException
   bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
   bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[])
   bei System.Type.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[])
   bei ATI.ACE.MOM.EXE.MOM.Main(System.String[])

Error: (02/10/2016 01:16:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x563a76a9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x563a76a9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000425c6
ID des fehlerhaften Prozesses: 0x518
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Vollständiger Name des fehlerhaften Pakets: atieclxx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: atieclxx.exe5

Error: (02/10/2016 01:13:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0e3f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.103, Zeitstempel: 0x56a8489c
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f08
ID des fehlerhaften Prozesses: 0x720
Startzeit der fehlerhaften Anwendung: 0xMOM.exe0
Pfad der fehlerhaften Anwendung: MOM.exe1
Pfad des fehlerhaften Moduls: MOM.exe2
Berichtskennung: MOM.exe3
Vollständiger Name des fehlerhaften Pakets: MOM.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MOM.exe5

Error: (02/10/2016 01:13:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOM.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
   bei ATI.ACE.MOM.Implementation.MOM.Main(System.String[])

Ausnahmeinformationen: System.Reflection.TargetInvocationException
   bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
   bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[])
   bei System.Type.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[])
   bei ATI.ACE.MOM.EXE.MOM.Main(System.String[])

Error: (02/10/2016 01:12:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d8f0
Name des fehlerhaften Moduls: Cortana.IntentExtraction.dll, Version: 0.0.0.0, Zeitstempel: 0x568b1b20
Ausnahmecode: 0x80000003
Fehleroffset: 0x000000000003294f
ID des fehlerhaften Prozesses: 0x1264
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (02/09/2016 09:13:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0e3f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.103, Zeitstempel: 0x56a8489c
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f08
ID des fehlerhaften Prozesses: 0x18d4
Startzeit der fehlerhaften Anwendung: 0xMOM.exe0
Pfad der fehlerhaften Anwendung: MOM.exe1
Pfad des fehlerhaften Moduls: MOM.exe2
Berichtskennung: MOM.exe3
Vollständiger Name des fehlerhaften Pakets: MOM.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MOM.exe5


Systemfehler:
=============
Error: (02/10/2016 02:47:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (02/10/2016 02:47:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_2d2f10" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/10/2016 02:47:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _2d2f10" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/10/2016 02:47:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_2d2f10" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/10/2016 02:47:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_2d2f10" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/10/2016 02:47:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/10/2016 01:16:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/10/2016 01:16:35 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (02/10/2016 01:16:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_4f84b" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/10/2016 01:16:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _4f84b" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-02-09 21:12:32.934
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-31 13:21:46.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-07 11:36:50.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-03 16:05:34.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-31 16:30:27.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-23 17:19:04.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-18 13:17:27.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-17 12:55:14.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-16 13:29:31.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-16 12:59:28.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: AMD A10-5700 APU with Radeon(tm) HD Graphics 
Prozentuale Nutzung des RAM: 19%
Installierter physikalischer RAM: 11461.12 MB
Verfügbarer physikalischer RAM: 9227.32 MB
Summe virtueller Speicher: 13189.12 MB
Verfügbarer virtueller Speicher: 10922.61 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:919.25 GB) (Free:833.9 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:10.34 GB) (Free:1.26 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive g: (23099) (Fixed) (Total:931.51 GB) (Free:705.9 GB) NTFS
Drive h: (SVEN) (Removable) (Total:28.88 GB) (Free:27.05 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7256B80C)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=28.9 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: F25276B3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
und FRST
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
durchgeführt von Sven (Administrator) auf PCSASV (10-02-2016 16:22:09)
Gestartet von C:\Users\Sven\Downloads
Geladene Profile: Sven &  (Verfügbare Profile: Sven)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5395704 2014-11-24] (Avira)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5395704 2014-11-24] (Avira)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1c8f6359-ea3a-4a45-89e9-c1bec74245c9}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei
Toolbar: HKLM-x32 - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\kw99fd1p.default
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3896469874-4053130608-2395046965-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [Datei ist nicht signiert]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [Datei ist nicht signiert]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2016-01-18] (Realsil Semiconductor Corporation)
U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [58536 2012-08-29] (Advanced Micro Devices)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-10 16:17 - 2016-02-10 16:17 - 00000000 ___HD C:\OneDriveTemp
2016-02-09 20:40 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 20:40 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 20:40 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 20:40 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 20:40 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 20:40 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 20:40 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 20:40 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 20:40 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-09 20:40 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 20:40 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 20:40 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-09 20:40 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-09 20:40 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 20:40 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 20:40 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 20:40 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 20:40 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-09 20:40 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-09 20:40 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 20:40 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 20:40 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 20:40 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-09 20:40 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-09 20:40 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 20:40 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 20:40 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-09 20:40 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-09 20:40 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 20:40 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-09 20:40 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 20:40 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 20:40 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 20:40 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 20:40 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-09 20:40 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-09 20:40 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-09 20:40 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-09 20:40 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 20:40 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 20:40 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-09 20:40 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 20:40 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 20:40 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 20:40 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 20:40 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 20:40 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-09 20:40 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 20:40 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-09 20:40 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 20:40 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 20:40 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 20:40 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 20:40 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 20:40 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-09 20:40 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 20:40 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 20:40 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-09 20:40 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 20:40 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 20:40 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-09 20:40 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 20:40 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 20:40 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 20:40 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-09 20:36 - 2016-02-09 20:39 - 00036218 _____ C:\Users\Sven\Downloads\SystemLook.txt
2016-02-09 20:35 - 2016-02-09 20:35 - 00000686 _____ C:\Users\Sven\Desktop\SystemLook_x64 - Verknüpfung.lnk
2016-02-09 20:33 - 2016-02-09 20:35 - 00165376 _____ C:\Users\Sven\Downloads\SystemLook_x64.exe
2016-02-09 20:30 - 2016-02-09 20:30 - 00001183 _____ C:\Users\Sven\Desktop\mbam.txt
2016-02-09 19:37 - 2016-02-09 19:37 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033(2).exe
2016-02-08 18:33 - 2016-02-08 18:42 - 00090344 _____ C:\TDSSKiller.3.1.0.9_08.02.2016_18.33.56_log.txt
2016-02-08 18:33 - 2016-02-08 18:33 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Sven\Downloads\tdsskiller.exe
2016-02-08 18:24 - 2016-02-09 21:17 - 00044601 _____ C:\Users\Sven\Downloads\Addition.txt
2016-02-08 18:23 - 2016-02-10 16:22 - 00019553 _____ C:\Users\Sven\Downloads\FRST.txt
2016-02-08 18:22 - 2016-02-10 16:22 - 00000000 ____D C:\FRST
2016-02-08 18:21 - 2016-02-08 18:22 - 02370560 _____ (Farbar) C:\Users\Sven\Downloads\FRST64.exe
2016-02-08 17:42 - 2016-02-08 17:42 - 00001993 _____ C:\Malwarebyte scan.txt
2016-02-08 17:29 - 2016-02-10 16:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-08 17:28 - 2016-02-08 17:28 - 00001182 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-02-08 17:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-08 17:28 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-08 17:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-08 17:27 - 2016-02-08 17:27 - 01466656 _____ C:\Users\Sven\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2016-02-07 21:23 - 2016-02-07 21:24 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033(1).exe
2016-02-07 20:08 - 2016-02-07 20:08 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-07 20:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-02-07 20:07 - 2016-02-07 21:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-07 20:07 - 2016-02-07 20:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-07 20:07 - 2016-02-07 20:07 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-07 20:07 - 2016-02-07 20:07 - 00001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-02-07 20:07 - 2016-02-07 20:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-02-07 20:07 - 2016-02-07 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-07 20:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-02-07 20:05 - 2016-02-07 20:06 - 01466656 _____ C:\Users\Sven\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2016-02-07 19:52 - 2016-02-07 19:53 - 00246532 _____ C:\WINDOWS\Minidump\020716-31531-01.dmp
2016-02-07 19:52 - 2016-02-07 19:52 - 976396273 _____ C:\WINDOWS\MEMORY.DMP
2016-02-07 19:52 - 2016-02-07 19:52 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-07 19:39 - 2016-02-09 19:39 - 00000000 ____D C:\AdwCleaner
2016-02-07 19:38 - 2016-02-07 19:39 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033.exe
2016-02-07 18:56 - 2016-02-07 18:57 - 00464924 _____ C:\Users\Sven\Downloads\JavaRa.def
2016-02-07 18:56 - 2016-02-07 18:56 - 00002250 _____ C:\Users\Sven\Desktop\JavaRa - CHIP Downloader.lnk
2016-02-07 18:54 - 2016-02-07 18:54 - 00184620 _____ C:\Users\Sven\Downloads\JavaRa-2.6.1.zip
2016-02-07 18:53 - 2016-02-07 18:53 - 01466656 _____ C:\Users\Sven\Downloads\JavaRa - CHIP-Installer.exe
2016-02-04 17:46 - 2015-09-22 09:46 - 00072286 _____ C:\Users\Sven\Downloads\WT_2015_Bewertungsbogen.pdf
2016-02-04 17:46 - 2015-06-24 11:48 - 03664019 _____ C:\Users\Sven\Downloads\WT_2015_Folien.pdf
2016-02-04 17:45 - 2015-09-22 09:30 - 00179339 _____ C:\Users\Sven\Downloads\WT 2015_Termine.pdf
2016-02-04 17:45 - 2015-09-22 09:23 - 00177113 _____ C:\Users\Sven\Downloads\WT 2015_Anschreiben Jugendwarte.pdf
2016-02-04 17:45 - 2015-06-24 11:46 - 01306973 _____ C:\Users\Sven\Downloads\WT_2015_Beihefter.pdf
2016-01-28 20:29 - 2016-01-28 20:29 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-01-28 20:27 - 2016-01-16 07:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 20:27 - 2016-01-16 07:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 20:27 - 2016-01-16 07:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 20:27 - 2016-01-16 07:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 20:27 - 2016-01-16 07:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 20:27 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 20:27 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 20:27 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 20:27 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 20:27 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 20:27 - 2016-01-16 07:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 20:27 - 2016-01-16 07:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 20:27 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 20:27 - 2016-01-16 07:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 20:27 - 2016-01-16 06:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 20:27 - 2016-01-16 06:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 20:27 - 2016-01-16 06:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 20:27 - 2016-01-16 06:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 20:27 - 2016-01-16 06:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 20:27 - 2016-01-16 06:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 20:27 - 2016-01-16 06:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 20:27 - 2016-01-16 06:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 20:27 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 20:27 - 2016-01-16 06:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 20:27 - 2016-01-16 06:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 20:27 - 2016-01-16 06:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 20:27 - 2016-01-16 06:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 20:27 - 2016-01-16 06:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 20:27 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 20:27 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 20:27 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 20:27 - 2016-01-16 06:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 20:27 - 2016-01-16 06:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 20:27 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 20:27 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 20:27 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 20:27 - 2016-01-16 06:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 20:27 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 20:27 - 2016-01-16 06:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 20:27 - 2016-01-16 06:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 20:27 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 20:27 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 20:27 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 20:27 - 2016-01-16 06:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 20:27 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 20:27 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-28 20:27 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-28 20:27 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-28 20:27 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-28 20:27 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-28 20:27 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-28 20:27 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-28 20:27 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-28 20:27 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-28 20:27 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-28 20:27 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-28 20:27 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-28 20:27 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-28 20:27 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-28 20:27 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-28 20:27 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-28 20:27 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-28 20:27 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-28 20:27 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-28 20:27 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-28 20:27 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-28 20:27 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-28 20:27 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-28 20:27 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-28 20:27 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-28 20:27 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-28 20:27 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-28 20:27 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-28 20:27 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-28 20:27 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-28 20:27 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-28 20:26 - 2016-01-16 07:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 20:26 - 2016-01-16 07:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 20:26 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 20:26 - 2016-01-16 06:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 20:26 - 2016-01-16 06:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 20:26 - 2016-01-16 06:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 20:26 - 2016-01-16 06:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 20:26 - 2016-01-16 06:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 20:26 - 2016-01-16 06:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 20:26 - 2016-01-16 06:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 20:26 - 2016-01-16 06:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 20:26 - 2016-01-16 06:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 20:26 - 2016-01-16 06:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 20:26 - 2016-01-16 06:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 20:26 - 2016-01-16 06:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 20:26 - 2016-01-16 06:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 20:26 - 2016-01-16 06:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 20:26 - 2016-01-16 06:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 20:26 - 2016-01-16 06:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 20:26 - 2016-01-16 06:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 20:26 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 20:26 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 20:26 - 2016-01-16 06:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 20:26 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 20:26 - 2016-01-16 06:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 20:26 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 20:26 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 20:26 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 20:26 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 20:26 - 2016-01-16 06:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 20:26 - 2016-01-16 06:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 20:26 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 20:26 - 2016-01-16 06:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 20:26 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 20:26 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 20:26 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 20:26 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-28 20:26 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-28 20:26 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-28 20:26 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-28 20:26 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-28 20:26 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-28 20:26 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-28 20:26 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-28 20:26 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-28 20:26 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-28 20:26 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-28 20:26 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-28 20:26 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-28 20:26 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-28 20:26 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-28 20:26 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-28 20:26 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-27 20:43 - 2016-01-31 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-23 16:25 - 2016-02-09 21:17 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-23 16:24 - 2016-02-10 14:17 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-19 06:18 - 2016-01-19 06:18 - 00023098 _____ C:\Users\Sven\Downloads\LbsGeschichte.odt
2016-01-18 16:01 - 2016-01-18 16:01 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-01-18 16:01 - 2016-01-18 16:00 - 09890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2016-01-18 16:01 - 2016-01-18 16:00 - 00402136 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2016-01-18 16:01 - 2016-01-18 16:00 - 00083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-10 16:17 - 2014-03-01 12:51 - 00000000 __RDO C:\Users\Sven\SkyDrive
2016-02-10 14:08 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 14:08 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-10 14:04 - 2014-03-01 13:00 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7B440A6-BB0D-44B9-BB3E-0513485A3D83}
2016-02-10 13:59 - 2015-12-16 13:05 - 02003182 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-10 13:59 - 2015-10-30 19:35 - 00852510 _____ C:\WINDOWS\system32\perfh007.dat
2016-02-10 13:59 - 2015-10-30 19:35 - 00187736 _____ C:\WINDOWS\system32\perfc007.dat
2016-02-10 13:59 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-10 13:16 - 2015-12-16 13:05 - 00000000 ____D C:\Users\Sven
2016-02-10 13:11 - 2015-12-16 13:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-09 21:12 - 2014-03-01 12:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-09 21:10 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-09 21:09 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-09 20:48 - 2014-03-03 14:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-09 20:45 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-09 20:45 - 2014-03-03 14:47 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-08 17:43 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-08 15:23 - 2014-03-14 08:53 - 00003608 _____ C:\WINDOWS\System32\Tasks\FileAdvisorCheck
2016-02-08 15:23 - 2014-03-14 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2016-02-08 15:23 - 2014-03-14 08:53 - 00000000 ____D C:\Program Files (x86)\File Type Advisor
2016-02-07 21:28 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-07 19:00 - 2014-03-22 08:53 - 00000000 ____D C:\Users\Sven\AppData\Roaming\FileAdvisor
2016-02-05 13:36 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-05 12:38 - 2015-12-27 18:42 - 00003230 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSven
2016-02-05 12:38 - 2015-12-27 18:42 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSven.job
2016-02-05 11:34 - 2014-06-10 19:14 - 00000000 ____D C:\Users\Sven\Documents\Feuerwehrverein
2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 20:10 - 2014-10-12 15:12 - 00000000 ____D C:\Users\Sven\AppData\Roaming\vlc
2016-02-02 15:49 - 2015-12-16 13:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 15:48 - 2015-05-13 06:56 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-02-02 15:48 - 2015-05-13 06:56 - 00001970 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-02-02 15:48 - 2015-05-13 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-02-02 15:48 - 2015-05-13 06:56 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-01-31 15:06 - 2014-03-01 14:57 - 00000000 ____D C:\Users\Sven\AppData\Roaming\XnView
2016-01-31 13:17 - 2014-03-01 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-23 16:25 - 2014-03-01 18:31 - 00000000 ____D C:\Users\Sven\AppData\Local\Adobe
2016-01-18 16:01 - 2014-02-05 07:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-01-18 16:00 - 2013-09-03 05:57 - 00000000 ____D C:\SWSETUP
2016-01-15 13:44 - 2016-01-01 13:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-15 13:44 - 2014-12-26 16:21 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-04 12:55 - 2014-10-11 14:58 - 0005120 _____ () C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-03 12:33 - 2014-05-03 12:33 - 0009046 _____ () C:\Users\Sven\AppData\Local\recently-used.xbel
2014-03-14 09:02 - 2014-03-14 09:02 - 0001534 _____ () C:\ProgramData\ss.ini

Einige Dateien in TEMP:
====================
C:\Users\Sven\AppData\Local\Temp\avgnt.exe
C:\Users\Sven\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-02-09 20:43

==================== Ende von FRST.txt ============================
         

Alt 11.02.2016, 10:57   #9
M-K-D-B
/// TB-Ausbilder
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Servus,


wir entfernen die letzten Reste und kontrollieren nochmal alles.



Hinweis: Der Suchlauf mit ESET kann länger dauern.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
Task: {09457ED8-88E5-4448-8D3A-7FE99E5939DD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {0E585D37-9C39-46EA-A58E-E67BC39945C4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {3F19281D-6B48-4C11-99AD-EE0AF77A5C6B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {413A63F3-CA1E-4B85-B830-CED4EEC12ED5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {50155064-DECD-4647-9639-5DF0D5AB2C0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {6CBC2F47-C9B0-4040-A82E-CBEE47851BEA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {777F3E62-A613-4228-8C9B-C3E9C638E371} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {7E4E7FF3-E523-4AB8-91A1-6E863A7E8178} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {9BC28C3C-3161-4095-A131-C9ACF14681EB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {ACF97461-4287-42AC-8A1C-DA4EC345EFB9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {DBED7EAD-2721-4E36-A73F-4A511FD36546} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Toolbar: HKLM - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei
Toolbar: HKLM-x32 - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\25946514D214736534007A857BC06200
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.

Alt 11.02.2016, 15:32   #10
SvenFeuer
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



So, Hitman ist durch! Aber die Logdatei lässt sich nicht speichern! Habe es 2x versucht. Der "Button" Logdatei speichern" reagiert zwar wenn ich mit der Maus drauf komme, aber nach dem an klicken passiert nix.
Gefunden als potentielle Bedrohung wurden diverse Virensuchprogramme und viele Zahlen/Buchstaben_Kombinationen, hinter denen AskBar steht. ich mach halt mit ESET weiter...

Gruß Sven

Sorry, ich hab das fixlog vergessen. Ich denke mal, das ist die fixlist:
Code:
ATTFilter
start
CloseProcesses:
Task: {09457ED8-88E5-4448-8D3A-7FE99E5939DD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {0E585D37-9C39-46EA-A58E-E67BC39945C4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {3F19281D-6B48-4C11-99AD-EE0AF77A5C6B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {413A63F3-CA1E-4B85-B830-CED4EEC12ED5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {50155064-DECD-4647-9639-5DF0D5AB2C0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {6CBC2F47-C9B0-4040-A82E-CBEE47851BEA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {777F3E62-A613-4228-8C9B-C3E9C638E371} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {7E4E7FF3-E523-4AB8-91A1-6E863A7E8178} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {9BC28C3C-3161-4095-A131-C9ACF14681EB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {ACF97461-4287-42AC-8A1C-DA4EC345EFB9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {DBED7EAD-2721-4E36-A73F-4A511FD36546} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Toolbar: HKLM - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei
Toolbar: HKLM-x32 - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\25946514D214736534007A857BC06200
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Alt 11.02.2016, 16:40   #11
M-K-D-B
/// TB-Ausbilder
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Servus,


ich will die Fixlog von FRST haben.


Hat HitmanPro denn was gefunden? Wenn ja, was?

Weiter mit ESET bitte.

Alt 11.02.2016, 17:38   #12
SvenFeuer
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Hallo
Hitman hat gefunden:
JavaRe Chip Installer
Malwarebytes Chip installer
Spybot Chip Installer
FRST.exe
jede Zahlen/Buchstaben von AskBar
aber wie gesagt, Speichern ging net,,,

So, hier das ESET-Log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f5fc38e616c2ef40bfeec93033c46e40
# end=init
# utc_time=2016-02-11 02:38:56
# local_time=2016-02-11 03:38:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28081
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f5fc38e616c2ef40bfeec93033c46e40
# end=updated
# utc_time=2016-02-11 02:43:39
# local_time=2016-02-11 03:43:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f5fc38e616c2ef40bfeec93033c46e40
# engine=28081
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-02-11 04:05:26
# local_time=2016-02-11 05:05:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8980214 9020869 0 0
# scanned=287008
# found=7
# cleaned=0
# scan_time=4906
sh=5E1CC1965D695E661646B0147DF0D43C1006C3E9 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Nemucod.EM Trojaner" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3896469874-4053130608-2395046965-1001\$RN3G2JM.js"
sh=A15C9536148CE02615132AE1DB1A6BF8F873A726 ft=1 fh=41c25fe63c7f6257 vn="Win32/Installium.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sven\AppData\Roaming\OpenCandy\808CAF1E023D4997A0DC85841588589E\search_protect_global.exe.vir"
sh=5B5EA2F5CEC496F99D245A68C884C09F5849E037 ft=1 fh=038fab3ea954bf64 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sven\AppData\Local\Temp\DMR\dmr_72.exe"
sh=29BF4A66DB53922CE5D1989383C8E8BDFC16C7D4 ft=1 fh=2174806b6c40ca9f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sven\Downloads\JavaRa - CHIP-Installer.exe"
sh=8B1202FB70CD4410E0B1684FD1DBBA36859DCA68 ft=1 fh=2b4e95b763a3ef40 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sven\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=190D420E19276FE3D6C2176F82DAC6451AEB7964 ft=1 fh=4d74709c00ceb3ba vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sven\Downloads\Sony Xperia L Bedienungsanleitung - CHIP-Installer.exe"
sh=7CF8F7EC0F6B4AA7711D229077DB7982BC3B5BF2 ft=1 fh=778ef164278c1405 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sven\Downloads\SpyBot Search Destroy - CHIP-Installer.exe"
         
So, Addition:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-02-2016
durchgeführt von Sven (2016-02-11 17:28:08)
Gestartet von C:\Users\Sven\Downloads
Windows 10 Home (X64) (2015-12-16 12:56:03)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3896469874-4053130608-2395046965-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3896469874-4053130608-2395046965-503 - Limited - Disabled)
Gast (S-1-5-21-3896469874-4053130608-2395046965-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3896469874-4053130608-2395046965-1003 - Limited - Enabled)
Sven (S-1-5-21-3896469874-4053130608-2395046965-1001 - Administrator - Enabled) => C:\Users\Sven

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{DCDB976F-A83A-BFFB-59A1-B742F8300486}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Crystal Reports XI Runtime Library (HKLM-x32\...\{C87EF9DB-603B-4EC2-8539-7575770AD5A8}) (Version: 3.1.2 - MP-SOFT-4-U)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.80 - DivX, LLC)
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
EsR 1.0 (HKLM-x32\...\EsR) (Version: 1.0 - bhv Software GmbH & Co. KG)
File Type Advisor 1.2 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{1CBCA994-0290-49AD-98D3-9013A0F102E6}) (Version: 2.9.406 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.16.103.12020 (HKLM-x32\...\{C38180CE-9165-E800-FAD3-F1AC427836B9}) (Version: 2.16.103.12020 - Sony)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 de)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
MP-FEUER 2014 - Jugend (HKLM-x32\...\{D5ECEF53-157F-4B55-A774-162B399E3536}) (Version: 3.6.1 - MP-SOFT-4-U)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steuersparer 2014 (HKLM-x32\...\{485DBEA2-58E9-4136-9E6C-6C3022B02349}) (Version: 21.00.8480 - Buhl Data Service GmbH)
tax 2015 (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.02.8861 - Buhl Data Service GmbH)
tax 2016 (HKLM-x32\...\{30E85B0C-57D8-4ECE-814B-264550A92FAB}) (Version: 23.00.1146 - Buhl Data Service GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sven\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {019CBC89-1D8E-46D3-931C-A2C5FAFD864C} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-08-14] (filetypeadvisor.com                                         )
Task: {09457ED8-88E5-4448-8D3A-7FE99E5939DD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {0E585D37-9C39-46EA-A58E-E67BC39945C4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {152CDF23-8A87-48F4-94DF-562C47309197} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-09] (Avira Operations GmbH & Co. KG)
Task: {1A852541-1C78-4FF9-8562-EEA33D432BB7} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-08-14] (File Type Advisor)
Task: {27710FE8-04B5-47DD-B72A-DD4E56F1BDB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {27E0E55C-10EB-45F2-8FED-B0C7505A34C3} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {27E13534-077C-484A-ACCE-8E1EECF56376} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-09] (Microsoft Corporation)
Task: {3F19281D-6B48-4C11-99AD-EE0AF77A5C6B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {413A63F3-CA1E-4B85-B830-CED4EEC12ED5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {48F16A4A-FAF6-460B-BF25-D422CCE1BC60} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4E43793B-3DF9-43D8-8EA5-9BBF8685E350} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {50155064-DECD-4647-9639-5DF0D5AB2C0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {5349EBD4-97C6-4807-BCAB-C402926FCCC7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {5476C563-D9BC-4EDC-BA41-A8BE19954FD8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {5D51C8A0-5EC0-41BD-A906-3162722FA1C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {6211D070-99E0-4DED-A13F-52493BD719CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {6388BAFC-0150-4432-BDF7-8B261E97E9C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {6CBC2F47-C9B0-4040-A82E-CBEE47851BEA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {6E893CB8-7034-4B13-A5DF-0A3FF7EB5D9C} - System32\Tasks\HPCeeScheduleForSven => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {777F3E62-A613-4228-8C9B-C3E9C638E371} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {7E4E7FF3-E523-4AB8-91A1-6E863A7E8178} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7EC75E1F-EEFA-40A1-B4D2-038724FE2F67} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {7EED3EF5-0E3B-4F27-801D-655D45628A3A} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {9BC28C3C-3161-4095-A131-C9ACF14681EB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {ACF97461-4287-42AC-8A1C-DA4EC345EFB9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {BF0D8677-DDF7-48F9-B3E6-48691E3E7553} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
Task: {DBED7EAD-2721-4E36-A73F-4A511FD36546} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {ED20387E-4EEC-4A2B-B131-A70898FCC4BC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSven.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-09-05 12:24 - 2013-09-05 12:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-05 12:21 - 2013-09-05 12:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-05 12:21 - 2013-09-05 12:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-05 12:21 - 2013-09-05 12:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-05 12:36 - 2013-09-05 12:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-05 12:36 - 2013-09-05 12:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-05 12:22 - 2013-09-05 12:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-05 12:24 - 2013-09-05 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-16 12:53 - 2015-12-16 12:53 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-16 12:53 - 2015-12-16 12:53 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-28 20:27 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 12:57 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 12:57 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-28 20:27 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-28 20:27 - 2016-01-05 02:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-28 20:27 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 20:27 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-16 12:53 - 2015-12-16 12:53 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 08:18 - 2015-10-30 19:44 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-10-30 08:18 - 2015-10-30 19:44 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-10-30 08:18 - 2015-10-30 19:43 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2013-09-05 12:31 - 2013-09-05 12:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2016-01-22 12:17 - 2016-01-22 12:17 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-05 11:25 - 2016-02-05 11:25 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-02-05 11:25 - 2016-02-05 11:25 - 14869504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-12-16 14:32 - 2015-12-16 14:32 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-02-07 20:07 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-07 20:07 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-07 20:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-07 20:07 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-07 20:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-02-05 07:02 - 2013-08-05 08:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-06 00:48 - 2013-08-06 00:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-01-22 12:17 - 2016-01-22 12:17 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 12:17 - 2016-01-22 12:17 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sven\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\rs3267_2014zrteam297bluepresse.jpg
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sven\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\rs3267_2014zrteam297bluepresse.jpg
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Sven\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\rs3267_2014zrteam297bluepresse.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\StartupApproved\Run: => "Sony PC Companion"
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Sony PC Companion"
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Sony PC Companion"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{02AD2C58-092B-4DFD-B1B0-E4FCEB82C374}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E83930C-6F68-40A1-8997-92DBA568B38F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{F4BFFE7C-0A7C-46A0-9294-E8C474452702}C:\program files (x86)\xider\esr\game.exe] => (Allow) C:\program files (x86)\xider\esr\game.exe
FirewallRules: [TCP Query User{98A1FDCD-CF24-4720-9F79-076FD617A201}C:\program files (x86)\xider\esr\game.exe] => (Allow) C:\program files (x86)\xider\esr\game.exe
FirewallRules: [{CF98AF81-AF0F-416D-934A-BF7450165545}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C4817AD-98BE-4D11-8999-FD0000761E4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2BCFC008-9902-467C-8420-2165A6FBBA22}] => (Allow) LPort=1900
FirewallRules: [{1DB9A553-C6A2-4FEE-B78A-90278036CF44}] => (Allow) LPort=2869
FirewallRules: [{482499AD-7FE3-4135-8514-013A8160D7A9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{453E056A-4726-43DF-ABC4-6A4AA631C8B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD8835D1-973E-49FC-B6DD-4B342599466A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB1185B0-31B7-4B56-BF59-6BE1F5DB9E2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{81EF1E91-0F55-4CEE-B7BA-230979FEDB47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{569C8DDD-2DB0-415E-A842-5563AA6281EF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{CA14A7EB-BA25-469B-8251-5208C87AC061}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{49FA6AA0-7C84-4359-A4C9-59E94B61E5C9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{30599DBD-7D5D-457E-A3D5-3035932D89F1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{63DB04AA-0E95-4681-BC31-3F830D09D4ED}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{88CD4720-0781-438F-81B3-5C00CB4AF90E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{B7654C57-EB09-4B44-85F7-DCC0671D99FD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{CDFB26C4-9CDB-48EA-86D5-DDD8DC01427A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6CA10F33-0A06-44BD-B896-D59EF4CF9837}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{F9150134-08C6-4B61-8B02-40718027197E}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8F5A0E16-51D6-48E6-AD6A-F939AC46F01C}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

07-02-2016 19:01:25 Removed Java 8 Update 45
11-02-2016 14:43:18 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: AMD Radeon HD 7660D
Description: AMD Radeon HD 7660D
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: AMD Radeon HD 7660D + R7 240 Dual Graphics
Description: AMD Radeon HD 7660D + R7 240 Dual Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/11/2016 05:27:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (02/11/2016 05:21:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (02/11/2016 03:38:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (02/11/2016 03:38:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (02/11/2016 03:38:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (02/11/2016 02:43:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/11/2016 02:40:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0e3f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.103, Zeitstempel: 0x56a8489c
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f08
ID des fehlerhaften Prozesses: 0x24b0
Startzeit der fehlerhaften Anwendung: 0xMOM.exe0
Pfad der fehlerhaften Anwendung: MOM.exe1
Pfad des fehlerhaften Moduls: MOM.exe2
Berichtskennung: MOM.exe3
Vollständiger Name des fehlerhaften Pakets: MOM.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MOM.exe5

Error: (02/11/2016 02:40:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOM.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
   bei ATI.ACE.MOM.Implementation.MOM.Main(System.String[])

Ausnahmeinformationen: System.Reflection.TargetInvocationException
   bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
   bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[])
   bei System.Type.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[])
   bei ATI.ACE.MOM.EXE.MOM.Main(System.String[])

Error: (02/11/2016 10:53:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x563a76a9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x563a76a9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000425c6
ID des fehlerhaften Prozesses: 0x78
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Vollständiger Name des fehlerhaften Pakets: atieclxx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: atieclxx.exe5

Error: (02/11/2016 10:25:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0e3f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.103, Zeitstempel: 0x56a8489c
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000071f08
ID des fehlerhaften Prozesses: 0x2664
Startzeit der fehlerhaften Anwendung: 0xMOM.exe0
Pfad der fehlerhaften Anwendung: MOM.exe1
Pfad des fehlerhaften Moduls: MOM.exe2
Berichtskennung: MOM.exe3
Vollständiger Name des fehlerhaften Pakets: MOM.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MOM.exe5


Systemfehler:
=============
Error: (02/11/2016 03:43:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (02/11/2016 03:43:36 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Sven\AppData\Local\Temp\ehdrv.sys

Error: (02/11/2016 03:43:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (02/11/2016 03:43:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Sven\AppData\Local\Temp\ehdrv.sys

Error: (02/11/2016 03:43:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (02/11/2016 03:43:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Sven\AppData\Local\Temp\ehdrv.sys

Error: (02/11/2016 03:41:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (02/11/2016 03:41:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Sven\AppData\Local\Temp\ehdrv.sys

Error: (02/11/2016 03:41:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (02/11/2016 03:41:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Sven\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2016-02-09 21:12:32.934
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-31 13:21:46.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-07 11:36:50.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-03 16:05:34.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-31 16:30:27.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-23 17:19:04.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-18 13:17:27.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-17 12:55:14.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-16 13:29:31.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-16 12:59:28.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: AMD A10-5700 APU with Radeon(tm) HD Graphics 
Prozentuale Nutzung des RAM: 22%
Installierter physikalischer RAM: 11461.12 MB
Verfügbarer physikalischer RAM: 8897.69 MB
Summe virtueller Speicher: 13189.12 MB
Verfügbarer virtueller Speicher: 10237.84 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:919.25 GB) (Free:832.87 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:10.34 GB) (Free:1.26 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive g: (23099) (Fixed) (Total:931.51 GB) (Free:705.9 GB) NTFS
Drive h: (SVEN) (Removable) (Total:28.88 GB) (Free:27.05 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7256B80C)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=28.9 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: F25276B3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
und FRST:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
durchgeführt von Sven (Administrator) auf PCSASV (11-02-2016 17:27:26)
Gestartet von C:\Users\Sven\Downloads
Geladene Profile: Sven &  (Verfügbare Profile: Sven)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5395704 2014-11-24] (Avira)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5395704 2014-11-24] (Avira)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5395704 2014-11-24] (Avira)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1c8f6359-ea3a-4a45-89e9-c1bec74245c9}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei
Toolbar: HKLM-x32 - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\kw99fd1p.default
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3896469874-4053130608-2395046965-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [Datei ist nicht signiert]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [Datei ist nicht signiert]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2016-01-18] (Realsil Semiconductor Corporation)
U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [58536 2012-08-29] (Advanced Micro Devices)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-11 15:36 - 2016-02-11 15:38 - 02870984 _____ (ESET) C:\Users\Sven\Downloads\esetsmartinstaller_deu.exe
2016-02-11 14:52 - 2016-02-11 15:06 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-11 14:50 - 2016-02-11 14:52 - 11443792 _____ (SurfRight B.V.) C:\Users\Sven\Downloads\HitmanPro_x64.exe
2016-02-11 14:40 - 2016-02-11 14:40 - 00000000 ___HD C:\OneDriveTemp
2016-02-09 20:40 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 20:40 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 20:40 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 20:40 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 20:40 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 20:40 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 20:40 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 20:40 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 20:40 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-09 20:40 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 20:40 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 20:40 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-09 20:40 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-09 20:40 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 20:40 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 20:40 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 20:40 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 20:40 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-09 20:40 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-09 20:40 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 20:40 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 20:40 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 20:40 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-09 20:40 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-09 20:40 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 20:40 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 20:40 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-09 20:40 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-09 20:40 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 20:40 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-09 20:40 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 20:40 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 20:40 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 20:40 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 20:40 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-09 20:40 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-09 20:40 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-09 20:40 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-09 20:40 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 20:40 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 20:40 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-09 20:40 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 20:40 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 20:40 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 20:40 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 20:40 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 20:40 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-09 20:40 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 20:40 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-09 20:40 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 20:40 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 20:40 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 20:40 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 20:40 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 20:40 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-09 20:40 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 20:40 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 20:40 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-09 20:40 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 20:40 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 20:40 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-09 20:40 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 20:40 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 20:40 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 20:40 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-09 20:36 - 2016-02-09 20:39 - 00036218 _____ C:\Users\Sven\Downloads\SystemLook.txt
2016-02-09 20:35 - 2016-02-09 20:35 - 00000686 _____ C:\Users\Sven\Desktop\SystemLook_x64 - Verknüpfung.lnk
2016-02-09 20:33 - 2016-02-09 20:35 - 00165376 _____ C:\Users\Sven\Downloads\SystemLook_x64.exe
2016-02-09 20:30 - 2016-02-09 20:30 - 00001183 _____ C:\Users\Sven\Desktop\mbam.txt
2016-02-09 19:37 - 2016-02-09 19:37 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033(2).exe
2016-02-08 18:33 - 2016-02-08 18:42 - 00090344 _____ C:\TDSSKiller.3.1.0.9_08.02.2016_18.33.56_log.txt
2016-02-08 18:33 - 2016-02-08 18:33 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Sven\Downloads\tdsskiller.exe
2016-02-08 18:24 - 2016-02-11 15:26 - 00048586 _____ C:\Users\Sven\Downloads\Addition.txt
2016-02-08 18:23 - 2016-02-11 17:27 - 00022445 _____ C:\Users\Sven\Downloads\FRST.txt
2016-02-08 18:22 - 2016-02-11 17:27 - 00000000 ____D C:\FRST
2016-02-08 18:21 - 2016-02-08 18:22 - 02370560 _____ (Farbar) C:\Users\Sven\Downloads\FRST64.exe
2016-02-08 17:42 - 2016-02-08 17:42 - 00001993 _____ C:\Malwarebyte scan.txt
2016-02-08 17:29 - 2016-02-11 15:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-08 17:28 - 2016-02-08 17:28 - 00001182 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-02-08 17:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-08 17:28 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-08 17:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-08 17:27 - 2016-02-08 17:27 - 01466656 _____ C:\Users\Sven\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2016-02-07 21:23 - 2016-02-07 21:24 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033(1).exe
2016-02-07 20:08 - 2016-02-07 20:08 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-07 20:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-02-07 20:07 - 2016-02-07 21:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-07 20:07 - 2016-02-07 20:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-07 20:07 - 2016-02-07 20:07 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-07 20:07 - 2016-02-07 20:07 - 00001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-02-07 20:07 - 2016-02-07 20:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-02-07 20:07 - 2016-02-07 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-07 20:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-02-07 20:05 - 2016-02-07 20:06 - 01466656 _____ C:\Users\Sven\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2016-02-07 19:52 - 2016-02-07 19:53 - 00246532 _____ C:\WINDOWS\Minidump\020716-31531-01.dmp
2016-02-07 19:52 - 2016-02-07 19:52 - 976396273 _____ C:\WINDOWS\MEMORY.DMP
2016-02-07 19:52 - 2016-02-07 19:52 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-07 19:39 - 2016-02-09 19:39 - 00000000 ____D C:\AdwCleaner
2016-02-07 19:38 - 2016-02-07 19:39 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033.exe
2016-02-07 18:56 - 2016-02-07 18:57 - 00464924 _____ C:\Users\Sven\Downloads\JavaRa.def
2016-02-07 18:56 - 2016-02-07 18:56 - 00002250 _____ C:\Users\Sven\Desktop\JavaRa - CHIP Downloader.lnk
2016-02-07 18:54 - 2016-02-07 18:54 - 00184620 _____ C:\Users\Sven\Downloads\JavaRa-2.6.1.zip
2016-02-07 18:53 - 2016-02-07 18:53 - 01466656 _____ C:\Users\Sven\Downloads\JavaRa - CHIP-Installer.exe
2016-02-04 17:46 - 2015-09-22 09:46 - 00072286 _____ C:\Users\Sven\Downloads\WT_2015_Bewertungsbogen.pdf
2016-02-04 17:46 - 2015-06-24 11:48 - 03664019 _____ C:\Users\Sven\Downloads\WT_2015_Folien.pdf
2016-02-04 17:45 - 2015-09-22 09:30 - 00179339 _____ C:\Users\Sven\Downloads\WT 2015_Termine.pdf
2016-02-04 17:45 - 2015-09-22 09:23 - 00177113 _____ C:\Users\Sven\Downloads\WT 2015_Anschreiben Jugendwarte.pdf
2016-02-04 17:45 - 2015-06-24 11:46 - 01306973 _____ C:\Users\Sven\Downloads\WT_2015_Beihefter.pdf
2016-01-28 20:29 - 2016-01-28 20:29 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-01-28 20:27 - 2016-01-16 07:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 20:27 - 2016-01-16 07:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 20:27 - 2016-01-16 07:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 20:27 - 2016-01-16 07:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 20:27 - 2016-01-16 07:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 20:27 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 20:27 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 20:27 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 20:27 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 20:27 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 20:27 - 2016-01-16 07:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 20:27 - 2016-01-16 07:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 20:27 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 20:27 - 2016-01-16 07:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 20:27 - 2016-01-16 06:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 20:27 - 2016-01-16 06:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 20:27 - 2016-01-16 06:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 20:27 - 2016-01-16 06:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 20:27 - 2016-01-16 06:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 20:27 - 2016-01-16 06:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 20:27 - 2016-01-16 06:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 20:27 - 2016-01-16 06:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 20:27 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 20:27 - 2016-01-16 06:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 20:27 - 2016-01-16 06:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 20:27 - 2016-01-16 06:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 20:27 - 2016-01-16 06:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 20:27 - 2016-01-16 06:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 20:27 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 20:27 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 20:27 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 20:27 - 2016-01-16 06:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 20:27 - 2016-01-16 06:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 20:27 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 20:27 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 20:27 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 20:27 - 2016-01-16 06:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 20:27 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 20:27 - 2016-01-16 06:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 20:27 - 2016-01-16 06:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 20:27 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 20:27 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 20:27 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 20:27 - 2016-01-16 06:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 20:27 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 20:27 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-28 20:27 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-28 20:27 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-28 20:27 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-28 20:27 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-28 20:27 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-28 20:27 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-28 20:27 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-28 20:27 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-28 20:27 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-28 20:27 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-28 20:27 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-28 20:27 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-28 20:27 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-28 20:27 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-28 20:27 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-28 20:27 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-28 20:27 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-28 20:27 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-28 20:27 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-28 20:27 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-28 20:27 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-28 20:27 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-28 20:27 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-28 20:27 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-28 20:27 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-28 20:27 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-28 20:27 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-28 20:27 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-28 20:27 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-28 20:27 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-28 20:26 - 2016-01-16 07:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 20:26 - 2016-01-16 07:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 20:26 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 20:26 - 2016-01-16 06:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 20:26 - 2016-01-16 06:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 20:26 - 2016-01-16 06:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 20:26 - 2016-01-16 06:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 20:26 - 2016-01-16 06:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 20:26 - 2016-01-16 06:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 20:26 - 2016-01-16 06:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 20:26 - 2016-01-16 06:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 20:26 - 2016-01-16 06:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 20:26 - 2016-01-16 06:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 20:26 - 2016-01-16 06:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 20:26 - 2016-01-16 06:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 20:26 - 2016-01-16 06:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 20:26 - 2016-01-16 06:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 20:26 - 2016-01-16 06:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 20:26 - 2016-01-16 06:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 20:26 - 2016-01-16 06:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 20:26 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 20:26 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 20:26 - 2016-01-16 06:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 20:26 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 20:26 - 2016-01-16 06:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 20:26 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 20:26 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 20:26 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 20:26 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 20:26 - 2016-01-16 06:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 20:26 - 2016-01-16 06:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 20:26 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 20:26 - 2016-01-16 06:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 20:26 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 20:26 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 20:26 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 20:26 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-28 20:26 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-28 20:26 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-28 20:26 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-28 20:26 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-28 20:26 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-28 20:26 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-28 20:26 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-28 20:26 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-28 20:26 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-28 20:26 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-28 20:26 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-28 20:26 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-28 20:26 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-28 20:26 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-28 20:26 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-28 20:26 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-27 20:43 - 2016-01-31 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-23 16:25 - 2016-02-09 21:17 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-23 16:24 - 2016-02-11 17:17 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-19 06:18 - 2016-01-19 06:18 - 00023098 _____ C:\Users\Sven\Downloads\LbsGeschichte.odt
2016-01-18 16:01 - 2016-01-18 16:01 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-01-18 16:01 - 2016-01-18 16:00 - 09890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2016-01-18 16:01 - 2016-01-18 16:00 - 00402136 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2016-01-18 16:01 - 2016-01-18 16:00 - 00083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-11 15:23 - 2014-03-14 08:53 - 00003608 _____ C:\WINDOWS\System32\Tasks\FileAdvisorCheck
2016-02-11 15:23 - 2014-03-14 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2016-02-11 15:23 - 2014-03-14 08:53 - 00000000 ____D C:\Program Files (x86)\File Type Advisor
2016-02-11 14:43 - 2014-03-01 13:00 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7B440A6-BB0D-44B9-BB3E-0513485A3D83}
2016-02-11 14:40 - 2014-03-01 12:51 - 00000000 __RDO C:\Users\Sven\SkyDrive
2016-02-10 20:45 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-10 14:08 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 13:59 - 2015-12-16 13:05 - 02003182 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-10 13:59 - 2015-10-30 19:35 - 00852510 _____ C:\WINDOWS\system32\perfh007.dat
2016-02-10 13:59 - 2015-10-30 19:35 - 00187736 _____ C:\WINDOWS\system32\perfc007.dat
2016-02-10 13:59 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-10 13:16 - 2015-12-16 13:05 - 00000000 ____D C:\Users\Sven
2016-02-10 13:11 - 2015-12-16 13:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-09 21:12 - 2014-03-01 12:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-09 21:10 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-09 21:09 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-09 20:48 - 2014-03-03 14:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-09 20:45 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-09 20:45 - 2014-03-03 14:47 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-08 17:43 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-07 21:28 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-07 19:00 - 2014-03-22 08:53 - 00000000 ____D C:\Users\Sven\AppData\Roaming\FileAdvisor
2016-02-05 13:36 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-05 12:38 - 2015-12-27 18:42 - 00003230 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSven
2016-02-05 12:38 - 2015-12-27 18:42 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSven.job
2016-02-05 11:34 - 2014-06-10 19:14 - 00000000 ____D C:\Users\Sven\Documents\Feuerwehrverein
2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 20:10 - 2014-10-12 15:12 - 00000000 ____D C:\Users\Sven\AppData\Roaming\vlc
2016-02-02 15:49 - 2015-12-16 13:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 15:48 - 2015-05-13 06:56 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-02-02 15:48 - 2015-05-13 06:56 - 00001970 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-02-02 15:48 - 2015-05-13 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-02-02 15:48 - 2015-05-13 06:56 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-01-31 15:06 - 2014-03-01 14:57 - 00000000 ____D C:\Users\Sven\AppData\Roaming\XnView
2016-01-31 13:17 - 2014-03-01 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-23 16:25 - 2014-03-01 18:31 - 00000000 ____D C:\Users\Sven\AppData\Local\Adobe
2016-01-18 16:01 - 2014-02-05 07:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-01-18 16:00 - 2013-09-03 05:57 - 00000000 ____D C:\SWSETUP
2016-01-15 13:44 - 2016-01-01 13:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-15 13:44 - 2014-12-26 16:21 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-04 12:55 - 2014-10-11 14:58 - 0005120 _____ () C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-03 12:33 - 2014-05-03 12:33 - 0009046 _____ () C:\Users\Sven\AppData\Local\recently-used.xbel
2014-03-14 09:02 - 2014-03-14 09:02 - 0001534 _____ () C:\ProgramData\ss.ini

Einige Dateien in TEMP:
====================
C:\Users\Sven\AppData\Local\Temp\avgnt.exe
C:\Users\Sven\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-02-09 20:43

==================== Ende von FRST.txt ============================
         
Wie oben schon erwähnt, habe ich eigentlich (noch) keine Probleme!
Ich habe lediglich dummerweise eine ZIP-Datei mit einem Javascript (nannte sich invoice-scan-YJJfMw.docx) entpackt. Habe ja oben mal eine pdf mit der WORD-Version an gehängt.
Jetzt habe ich halt tierisch Panik, das ich mir was eingefangen habe und mein Konto noch kleiner wird, wie es eh schon ist! Mein "Großer" hat gesagt, das schaut aus wie etwas, das Tastatureingaben speichern soll. Naja, und da hab ich mal bei euch um Hilfe gebeten. Hab doch von so´n Scheiß keeeen Plan...

Gruß Sven

Alt 11.02.2016, 21:00   #13
M-K-D-B
/// TB-Ausbilder
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Servus,


bisher haben wir nur etwas Adware gefunden, nichts gefährliches.

führe bitte nochmal den FRST-Fix aus, das hast du nämlich noch nicht gemacht (Schritt 1).
Poste mir die Logdatei des Fix.


Dann nochmal FRST-Scan wie in Schritt 4 beschrieben.

Alt 11.02.2016, 21:39   #14
SvenFeuer
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Ok, ich hoffe das ist das richtige. Mehr kommt net...
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
durchgeführt von Sven (Administrator) auf PCSASV (11-02-2016 21:27:13)
Gestartet von C:\Users\Sven\Downloads
Geladene Profile: Sven &  (Verfügbare Profile: Sven)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5395704 2014-11-24] (Avira)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\RunOnce: [Uninstall C:\Users\Sven\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sven\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\...\RunOnce: [Uninstall C:\Users\Sven\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sven\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5395704 2014-11-24] (Avira)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5395704 2014-11-24] (Avira)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1c8f6359-ea3a-4a45-89e9-c1bec74245c9}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {22C7A57A-4D2D-4DAD-B778-32C842155EB9} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei
Toolbar: HKLM-x32 - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\kw99fd1p.default
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3896469874-4053130608-2395046965-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-3896469874-4053130608-2395046965-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [Datei ist nicht signiert]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [Datei ist nicht signiert]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Datei ist nicht signiert]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2016-01-18] (Realsil Semiconductor Corporation)
U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [58536 2012-08-29] (Advanced Micro Devices)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-11 21:15 - 2016-02-11 21:15 - 00000000 ___HD C:\OneDriveTemp
2016-02-11 18:15 - 2016-02-11 18:16 - 00087722 _____ C:\TDSSKiller.3.1.0.9_11.02.2016_18.15.28_log.txt
2016-02-11 14:52 - 2016-02-11 15:06 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-11 14:50 - 2016-02-11 14:52 - 11443792 _____ (SurfRight B.V.) C:\Users\Sven\Downloads\HitmanPro_x64.exe
2016-02-09 20:40 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 20:40 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 20:40 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 20:40 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 20:40 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 20:40 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 20:40 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 20:40 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 20:40 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-09 20:40 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 20:40 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 20:40 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-09 20:40 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-09 20:40 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 20:40 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 20:40 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 20:40 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 20:40 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-09 20:40 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-09 20:40 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 20:40 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 20:40 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 20:40 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-09 20:40 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-09 20:40 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 20:40 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 20:40 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-09 20:40 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-09 20:40 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 20:40 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-09 20:40 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 20:40 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 20:40 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 20:40 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 20:40 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-09 20:40 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-09 20:40 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-09 20:40 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-09 20:40 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 20:40 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 20:40 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-09 20:40 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 20:40 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 20:40 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 20:40 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 20:40 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 20:40 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-09 20:40 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 20:40 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-09 20:40 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 20:40 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 20:40 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 20:40 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 20:40 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 20:40 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-09 20:40 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 20:40 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 20:40 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-09 20:40 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 20:40 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 20:40 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-09 20:40 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 20:40 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 20:40 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 20:40 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-09 20:36 - 2016-02-09 20:39 - 00036218 _____ C:\Users\Sven\Downloads\SystemLook.txt
2016-02-09 20:35 - 2016-02-09 20:35 - 00000686 _____ C:\Users\Sven\Desktop\SystemLook_x64 - Verknüpfung.lnk
2016-02-09 20:33 - 2016-02-09 20:35 - 00165376 _____ C:\Users\Sven\Downloads\SystemLook_x64.exe
2016-02-09 20:30 - 2016-02-09 20:30 - 00001183 _____ C:\Users\Sven\Desktop\mbam.txt
2016-02-09 19:37 - 2016-02-09 19:37 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033(2).exe
2016-02-08 18:33 - 2016-02-08 18:42 - 00090344 _____ C:\TDSSKiller.3.1.0.9_08.02.2016_18.33.56_log.txt
2016-02-08 18:33 - 2016-02-08 18:33 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Sven\Downloads\tdsskiller.exe
2016-02-08 18:24 - 2016-02-11 17:28 - 00047770 _____ C:\Users\Sven\Downloads\Addition.txt
2016-02-08 18:23 - 2016-02-11 21:27 - 00022779 _____ C:\Users\Sven\Downloads\FRST.txt
2016-02-08 18:22 - 2016-02-11 21:27 - 00000000 ____D C:\FRST
2016-02-08 18:21 - 2016-02-08 18:22 - 02370560 _____ (Farbar) C:\Users\Sven\Downloads\FRST64.exe
2016-02-08 17:42 - 2016-02-08 17:42 - 00001993 _____ C:\Malwarebyte scan.txt
2016-02-08 17:29 - 2016-02-11 21:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-08 17:28 - 2016-02-08 17:28 - 00001182 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-08 17:28 - 2016-02-08 17:28 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-02-08 17:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-08 17:28 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-08 17:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-08 17:27 - 2016-02-08 17:27 - 01466656 _____ C:\Users\Sven\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2016-02-07 21:23 - 2016-02-07 21:24 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033(1).exe
2016-02-07 20:08 - 2016-02-07 20:08 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-07 20:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-02-07 20:07 - 2016-02-07 21:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-07 20:07 - 2016-02-07 20:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-07 20:07 - 2016-02-07 20:07 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-07 20:07 - 2016-02-07 20:07 - 00001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-02-07 20:07 - 2016-02-07 20:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-02-07 20:07 - 2016-02-07 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-07 20:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-02-07 20:05 - 2016-02-07 20:06 - 01466656 _____ C:\Users\Sven\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2016-02-07 19:52 - 2016-02-07 19:53 - 00246532 _____ C:\WINDOWS\Minidump\020716-31531-01.dmp
2016-02-07 19:52 - 2016-02-07 19:52 - 976396273 _____ C:\WINDOWS\MEMORY.DMP
2016-02-07 19:52 - 2016-02-07 19:52 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-07 19:39 - 2016-02-11 18:14 - 00000000 ____D C:\AdwCleaner
2016-02-07 19:38 - 2016-02-07 19:39 - 01508352 _____ C:\Users\Sven\Downloads\adwcleaner_5.033.exe
2016-02-07 18:56 - 2016-02-07 18:57 - 00464924 _____ C:\Users\Sven\Downloads\JavaRa.def
2016-02-07 18:56 - 2016-02-07 18:56 - 00002250 _____ C:\Users\Sven\Desktop\JavaRa - CHIP Downloader.lnk
2016-02-07 18:54 - 2016-02-07 18:54 - 00184620 _____ C:\Users\Sven\Downloads\JavaRa-2.6.1.zip
2016-02-07 18:53 - 2016-02-07 18:53 - 01466656 _____ C:\Users\Sven\Downloads\JavaRa - CHIP-Installer.exe
2016-02-04 17:46 - 2015-09-22 09:46 - 00072286 _____ C:\Users\Sven\Downloads\WT_2015_Bewertungsbogen.pdf
2016-02-04 17:46 - 2015-06-24 11:48 - 03664019 _____ C:\Users\Sven\Downloads\WT_2015_Folien.pdf
2016-02-04 17:45 - 2015-09-22 09:30 - 00179339 _____ C:\Users\Sven\Downloads\WT 2015_Termine.pdf
2016-02-04 17:45 - 2015-09-22 09:23 - 00177113 _____ C:\Users\Sven\Downloads\WT 2015_Anschreiben Jugendwarte.pdf
2016-02-04 17:45 - 2015-06-24 11:46 - 01306973 _____ C:\Users\Sven\Downloads\WT_2015_Beihefter.pdf
2016-01-28 20:29 - 2016-01-28 20:29 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-01-28 20:27 - 2016-01-16 07:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 20:27 - 2016-01-16 07:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 20:27 - 2016-01-16 07:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 20:27 - 2016-01-16 07:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 20:27 - 2016-01-16 07:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 20:27 - 2016-01-16 07:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 20:27 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 20:27 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 20:27 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 20:27 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 20:27 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 20:27 - 2016-01-16 07:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 20:27 - 2016-01-16 07:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 20:27 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 20:27 - 2016-01-16 07:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 20:27 - 2016-01-16 06:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 20:27 - 2016-01-16 06:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 20:27 - 2016-01-16 06:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 20:27 - 2016-01-16 06:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 20:27 - 2016-01-16 06:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 20:27 - 2016-01-16 06:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 20:27 - 2016-01-16 06:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 20:27 - 2016-01-16 06:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 20:27 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 20:27 - 2016-01-16 06:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 20:27 - 2016-01-16 06:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 20:27 - 2016-01-16 06:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 20:27 - 2016-01-16 06:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 20:27 - 2016-01-16 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 20:27 - 2016-01-16 06:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 20:27 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 20:27 - 2016-01-16 06:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 20:27 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 20:27 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 20:27 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 20:27 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 20:27 - 2016-01-16 06:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 20:27 - 2016-01-16 06:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 20:27 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 20:27 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 20:27 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 20:27 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 20:27 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 20:27 - 2016-01-16 06:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 20:27 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 20:27 - 2016-01-16 06:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 20:27 - 2016-01-16 06:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 20:27 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 20:27 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 20:27 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 20:27 - 2016-01-16 06:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 20:27 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 20:27 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-28 20:27 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-28 20:27 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-28 20:27 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-28 20:27 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-28 20:27 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-28 20:27 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-28 20:27 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-28 20:27 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-28 20:27 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-28 20:27 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-28 20:27 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-28 20:27 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-28 20:27 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-28 20:27 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-28 20:27 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-28 20:27 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-28 20:27 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-28 20:27 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-28 20:27 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-28 20:27 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-28 20:27 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-28 20:27 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-28 20:27 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-28 20:27 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-28 20:27 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-28 20:27 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-28 20:27 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-28 20:27 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-28 20:27 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-28 20:27 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-28 20:27 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-28 20:27 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-28 20:27 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-28 20:27 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-28 20:27 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-28 20:26 - 2016-01-16 07:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 20:26 - 2016-01-16 07:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 20:26 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 20:26 - 2016-01-16 06:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 20:26 - 2016-01-16 06:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 20:26 - 2016-01-16 06:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 20:26 - 2016-01-16 06:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 20:26 - 2016-01-16 06:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 20:26 - 2016-01-16 06:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 20:26 - 2016-01-16 06:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 20:26 - 2016-01-16 06:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 20:26 - 2016-01-16 06:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 20:26 - 2016-01-16 06:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 20:26 - 2016-01-16 06:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 20:26 - 2016-01-16 06:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 20:26 - 2016-01-16 06:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 20:26 - 2016-01-16 06:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 20:26 - 2016-01-16 06:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 20:26 - 2016-01-16 06:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 20:26 - 2016-01-16 06:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 20:26 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 20:26 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 20:26 - 2016-01-16 06:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 20:26 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 20:26 - 2016-01-16 06:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 20:26 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 20:26 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 20:26 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 20:26 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 20:26 - 2016-01-16 06:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 20:26 - 2016-01-16 06:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 20:26 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 20:26 - 2016-01-16 06:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 20:26 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 20:26 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 20:26 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 20:26 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-28 20:26 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-28 20:26 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-28 20:26 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-28 20:26 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-28 20:26 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-28 20:26 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-28 20:26 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-28 20:26 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-28 20:26 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-28 20:26 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-28 20:26 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-28 20:26 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-28 20:26 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-28 20:26 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-28 20:26 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-28 20:26 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-27 20:43 - 2016-01-31 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-23 16:25 - 2016-02-09 21:17 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-23 16:24 - 2016-02-11 21:17 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-19 06:18 - 2016-01-19 06:18 - 00023098 _____ C:\Users\Sven\Downloads\LbsGeschichte.odt
2016-01-18 16:01 - 2016-01-18 16:01 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-01-18 16:01 - 2016-01-18 16:00 - 09890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2016-01-18 16:01 - 2016-01-18 16:00 - 00402136 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2016-01-18 16:01 - 2016-01-18 16:00 - 00083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-11 21:18 - 2014-03-01 13:00 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7B440A6-BB0D-44B9-BB3E-0513485A3D83}
2016-02-11 21:15 - 2015-12-16 14:00 - 00002428 _____ C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-11 21:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-11 21:15 - 2014-03-01 12:51 - 00000000 __RDO C:\Users\Sven\SkyDrive
2016-02-11 15:23 - 2014-03-14 08:53 - 00003608 _____ C:\WINDOWS\System32\Tasks\FileAdvisorCheck
2016-02-11 15:23 - 2014-03-14 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2016-02-11 15:23 - 2014-03-14 08:53 - 00000000 ____D C:\Program Files (x86)\File Type Advisor
2016-02-10 14:08 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 13:59 - 2015-12-16 13:05 - 02003182 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-10 13:59 - 2015-10-30 19:35 - 00852510 _____ C:\WINDOWS\system32\perfh007.dat
2016-02-10 13:59 - 2015-10-30 19:35 - 00187736 _____ C:\WINDOWS\system32\perfc007.dat
2016-02-10 13:59 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-10 13:16 - 2015-12-16 13:05 - 00000000 ____D C:\Users\Sven
2016-02-10 13:11 - 2015-12-16 13:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-09 21:12 - 2014-03-01 12:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-09 21:10 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-09 21:09 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-09 20:48 - 2014-03-03 14:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-09 20:45 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-09 20:45 - 2014-03-03 14:47 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-08 17:43 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-07 21:28 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-07 19:00 - 2014-03-22 08:53 - 00000000 ____D C:\Users\Sven\AppData\Roaming\FileAdvisor
2016-02-05 13:36 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-05 12:38 - 2015-12-27 18:42 - 00003230 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSven
2016-02-05 12:38 - 2015-12-27 18:42 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSven.job
2016-02-05 11:34 - 2014-06-10 19:14 - 00000000 ____D C:\Users\Sven\Documents\Feuerwehrverein
2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 20:10 - 2014-10-12 15:12 - 00000000 ____D C:\Users\Sven\AppData\Roaming\vlc
2016-02-02 15:49 - 2015-12-16 13:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 15:48 - 2015-05-13 06:56 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-02-02 15:48 - 2015-05-13 06:56 - 00001970 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-02-02 15:48 - 2015-05-13 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-02-02 15:48 - 2015-05-13 06:56 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-01-31 15:06 - 2014-03-01 14:57 - 00000000 ____D C:\Users\Sven\AppData\Roaming\XnView
2016-01-31 13:17 - 2014-03-01 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-30 22:09 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-23 16:25 - 2014-03-01 18:31 - 00000000 ____D C:\Users\Sven\AppData\Local\Adobe
2016-01-18 16:01 - 2014-02-05 07:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-01-18 16:00 - 2013-09-03 05:57 - 00000000 ____D C:\SWSETUP
2016-01-15 13:44 - 2016-01-01 13:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-15 13:44 - 2014-12-26 16:21 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-04 12:55 - 2014-10-11 14:58 - 0005120 _____ () C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-03 12:33 - 2014-05-03 12:33 - 0009046 _____ () C:\Users\Sven\AppData\Local\recently-used.xbel
2014-03-14 09:02 - 2014-03-14 09:02 - 0001534 _____ () C:\ProgramData\ss.ini

Einige Dateien in TEMP:
====================
C:\Users\Sven\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-02-09 20:43

==================== Ende von FRST.txt ============================
         
Mal ne Frage nebenher.
Kann men eigentlich mit dem textfragment, was ich ganz oben mit gepostet habe was anfangen? Also, ich meine, schon mal sagen, was das sein kann bzw, was das eventuell anrichten könnte?
Ich habe noch knapp 2 Seiten davon da.

Gruß Sven

Alt 11.02.2016, 21:56   #15
M-K-D-B
/// TB-Ausbilder
 
Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Standard

Zip Datei entpakt, welche ein Javaskript enthält! Und nun?



Servus,


Was genau meinst du mit dem "Textfragment"?

Die pdf, die du gepostet hast, ist harmlos.




Lies dir bitte die Anleitung zu Schritt 1 nochmal durch, du musst schon auf den Entfernen-Button in FRST drücken, nachdem du die fixlist.txt erstellt hast:


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
Task: {09457ED8-88E5-4448-8D3A-7FE99E5939DD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {0E585D37-9C39-46EA-A58E-E67BC39945C4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {3F19281D-6B48-4C11-99AD-EE0AF77A5C6B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {413A63F3-CA1E-4B85-B830-CED4EEC12ED5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {50155064-DECD-4647-9639-5DF0D5AB2C0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {6CBC2F47-C9B0-4040-A82E-CBEE47851BEA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {777F3E62-A613-4228-8C9B-C3E9C638E371} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {7E4E7FF3-E523-4AB8-91A1-6E863A7E8178} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {9BC28C3C-3161-4095-A131-C9ACF14681EB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {ACF97461-4287-42AC-8A1C-DA4EC345EFB9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {DBED7EAD-2721-4E36-A73F-4A511FD36546} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Toolbar: HKLM - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei
Toolbar: HKLM-x32 - Kein Name - {41564952-412D-5637-4300-7A786E7484D7} -  Keine Datei
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\25946514D214736534007A857BC06200
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Antwort

Themen zu Zip Datei entpakt, welche ein Javaskript enthält! Und nun?
antivirus, avira, browser, computer, dateien, desktop, dll, explorer, firefox, flash player, helper, helper.exe, home, internet, internet explorer, log, microsoft, mozilla, namen, ordner, programme, registry, server, software, temp, windows



Ähnliche Themen: Zip Datei entpakt, welche ein Javaskript enthält! Und nun?


  1. Webseite enthält eventuell Schadsoftware
    Diskussionsforum - 09.02.2016 (6)
  2. Avira - Minecraft.exe enthält TR/agent?
    Plagegeister aller Art und deren Bekämpfung - 25.09.2015 (18)
  3. Windows 10: coActMgr.dll enthält einen Trojaner.
    Log-Analyse und Auswertung - 14.09.2015 (3)
  4. Fehlermeldung von Bewerberportal: Ihr Dokument enthält einen Virus (!)
    Log-Analyse und Auswertung - 07.09.2015 (9)
  5. AdwCleaner - Welche Datei darf gelöscht werden? / Programm "Chip best Deal" kann nicht deintalliert werden
    Plagegeister aller Art und deren Bekämpfung - 26.02.2015 (5)
  6. FRST64.exe Scan-Tool enthält Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 12.02.2015 (4)
  7. Windows 8.1: USB-Stick enthält nur noch Verknüpfungen
    Log-Analyse und Auswertung - 19.06.2014 (11)
  8. E-mail Mahnung die .zip Datei mit MS-Dos anwendung enthält (leider geöffnet)
    Log-Analyse und Auswertung - 21.08.2013 (9)
  9. Win 7/ Avira Fund Enthält EXP/CVE-2012-1723.B.Gen
    Log-Analyse und Auswertung - 05.08.2013 (7)
  10. Externe Festplatte enthält nur noch Verknüpfungen und CPU Auslastung
    Log-Analyse und Auswertung - 07.02.2012 (3)
  11. Welche Software-/Hardwaremaßnahme ist für welche Schädlinge geeignet/ungeeignet...
    Antiviren-, Firewall- und andere Schutzprogramme - 16.09.2010 (2)
  12. Computer enthält Virus!
    Log-Analyse und Auswertung - 21.03.2009 (10)
  13. Meldung mit ATI-Symbol enthält Virus?
    Plagegeister aller Art und deren Bekämpfung - 28.09.2007 (2)
  14. habe gaaaaanz viele prozesse laufen!Welche sind gut welche nicht?
    Plagegeister aller Art und deren Bekämpfung - 07.03.2006 (3)
  15. Enthält Signatur des Exploits EXP/VBS.Phel.I
    Log-Analyse und Auswertung - 20.08.2005 (5)
  16. Enthält eine Signatur des (gefährlichen) Backdoorprogrammes BDS/Agent.AY!
    Log-Analyse und Auswertung - 10.07.2005 (1)
  17. nie benutzte Partition enthält Spyware, wie schütze ich mich???
    Plagegeister aller Art und deren Bekämpfung - 14.01.2005 (1)

Zum Thema Zip Datei entpakt, welche ein Javaskript enthält! Und nun? - Hallo gestern hab ich wohl e weng Bockmist gebaut! Normalerweise öffne ich keine Mail-Anhänge, wo ich den Absender nicht kenne! Nur, den Absender der Mail von gestern abend habe ich - Zip Datei entpakt, welche ein Javaskript enthält! Und nun?...
Archiv
Du betrachtest: Zip Datei entpakt, welche ein Javaskript enthält! Und nun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.