Log analysis and evaluation: Windows10: Trojan detections TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034
#1

Hello dear forum,

Avira Free Antivirus (product version 15.0.24.146, 06.12.2016) has, as far as I can tell, reported these 5 Trojans:

TR/Crypt.ZPACK.opknz
TR/Crypt.ZPACK.gezb
TR/Crypt.Xpack.400358
TR/Dropper.A.40051
TR/Dropper.A.40034

According to the Avira log file, these are apparently inside some packed mail attachments (from pseudo-lawyer cease-and-desist senders) and in "Backupfiles.zip". Since they are (as far as I can judge as a layman) inside archives, no repairs or removals can be carried out. My system runs flawlessly (as far as I can tell as a layman).

My question to you pros: What do I do now? Ignore them? Or better remove these "sleepers"? I would prefer to get rid of these visitors, but I have no idea how. I would therefore be grateful if you could offer me a little advice, and remain with best regards,

Laocoon

Attached is the excerpt from the FRST file. I am uploading the excerpts from the Addition file and from the most recent Avira log as a zip, since these are apparently too large.

Here is the FRST:

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017 durchgeführt von hans (Administrator) auf DELFINE (20-01-2017 19:25:53) Gestartet von C:\Users\hans\Desktop Geladene Profile: hans & Mcx1-DELFINE & Leo & DefaultAppPool (Verfügbare Profile: hans & Mcx1-DELFINE & Leo & DefaultAppPool) Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (Axis Communications AB) C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe (Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDFSSvc.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-18] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1376896 2012-04-12] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2015-04-08] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2015-04-08] (Citrix Systems, Inc.) 
HKLM-x32\...\Run: [AXIS Camera Management Service Control] => C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmAdmin.exe [1834160 2015-05-08] (Axis Communications AB) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Plugin Install] => C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe [86016 2016-04-05] () HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\SpybotSearchDestroy2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] () HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd) HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation) HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\SpybotSearchDestroy2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) 
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\RunOnce: [Uninstall 17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Leo\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64" HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\RunOnce: [Uninstall 17.3.6381.0405] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Leo\AppData\Local\Microsoft\OneDrive\17.3.6381.0405" HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-04-18] (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-04-18] (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => 
C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-04-18] (Deutsche Telekom AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2014-02-03] ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear SA4VBE Device Manager.lnk [2013-06-14] ShortcutTarget: Philips GoGear SA4VBE Device Manager.lnk -> C:\Program Files (x86)\Philips\GoGear SA4VBE Device Manager\GoGear_SA4VBE_DeviceManager.exe (Philips) Startup: C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk [2012-07-27] ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Beschränkung <======= ACHTUNG GroupPolicy\User: Beschränkung <======= ACHTUNG GroupPolicyUsers\S-1-5-21-1412286257-1942420214-3619319362-1007\User: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{280df009-71d1-45e6-bca3-de9ca51bc6ef}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{ec71dbf0-98cf-4b04-8ee2-cceb81b9b1a9}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKLM -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms} SearchScopes: HKLM-x32 -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms} SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000 -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms} SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000 -> {47F43F50-68E2-4F28-B949-26EE0EC9C505} URL = hxxp://www.buyertools.net/cgi-bin/preispiraten_de/nph.fcgi?qry_str={searchTerms}&category=deutsch&how=and&searchtype=simple&Web=on&wiki_tab=on&wiki_tab_old=+CHECKED&ebay_tab=on&ebay_tab_old=+CHECKED&shoppingcom_tab=on&shoppingcom_tab_old=+CHECKED&pirat_tab=on&pirat_tab_old=+CHECKED&JavaScript=enabled&submit=SUCHEN SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.) 
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-03] (Oracle Corporation) BHO-x32: amazon -> {84B94901-3645-4D80-A6B7-4D0050B19455} -> C:\Program Files (x86)\Pricepirates7\IEButtonAmazonInterface.dll [2009-08-20] () BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-03] (Oracle Corporation) BHO-x32: Preispiraten -> {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} -> C:\Program Files (x86)\Pricepirates7\IEButtonPPInterface.dll [2009-08-20] () Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - Home Extension - {F090BE08-2E7E-4D60-8FAB-98ABFA425136} - C:\Program Files (x86)\Pricepirates7\HomeExtension.dll [2007-03-26] () Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) FireFox: ======== FF ProfilePath: C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default [2017-01-10] FF Extension: (Philips GoGear Device Manager) - C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\gogear@songbirdnest.com [2013-06-11] [ist nicht signiert] FF Extension: (German (de) Language Pack) - C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\langpack-de@songbirdnest.com [2013-06-11] [ist nicht signiert] FF Extension: (MSC Device Support) - C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\msc@songbirdnest.com [2013-06-11] [ist nicht signiert] FF Extension: (MTP Device Support) - C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\mtp@songbirdnest.com [2013-06-11] [ist nicht signiert] FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com [nicht gefunden] FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com [nicht gefunden] FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com [nicht gefunden] FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com [nicht gefunden] FF Extension: 
(Kein Name) - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com [nicht gefunden] FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com [nicht gefunden] FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com [nicht gefunden] FF ProfilePath: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default [2017-01-20] FF user.js: detected! => C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\user.js [2016-03-04] FF Homepage: Mozilla\Firefox\Profiles\cnn104yu.default -> hxxp://www.google.de FF Extension: (Avira Browser Safety) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\abs@avira.com [2016-11-23] [ist nicht signiert] FF Extension: (Brief) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\brief@mozdev.org.xpi [2016-06-12] FF Extension: (Clipple) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\clipple@mooz.github.com.xpi [2016-02-17] FF Extension: (ProxTube) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\ich@maltegoetz.de.xpi [2016-10-17] FF Extension: (Download YouTube Videos, Fast And Simple) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\jid1-cHKBMlArKdIVEg@jetpack.xpi [2016-04-30] FF Extension: (Vlc Kontextmenü) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2016-04-30] FF Extension: (VLC Youtube Shortcut) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\vlc_shortcut@kosan.kosan.xpi [2016-12-01] FF Extension: (All-in-One Sidebar) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2016-04-10] FF Extension: (Amazon Startcenter) - 
C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{144D1513-0819-4538-AD26-D515AF443AE7} [2016-11-26] FF Extension: (Home Extension) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259} [2016-11-26] FF Extension: (Amazon Statusbar Button) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{32DD6873-2BC0-4E4B-B9A3-0E602AB0DC14} [2016-11-26] FF Extension: (Real Player Plugin) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{5bde3c21-2fd4-4f4a-8726-253ac3af4675}.xpi [2016-05-19] [ist nicht signiert] FF Extension: (NoScript) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-20] FF Extension: (CSSHelper) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{89e65ea8-9e30-489d-8269-7ba28535378a}.xpi [2015-12-24] [ist nicht signiert] FF Extension: (Clippings) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2016-11-04] FF Extension: (Biet-O-Matic Firefox Erweiterung) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2012-12-08] [ist nicht signiert] FF Extension: (Preispiraten) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C} [2016-01-16] FF Extension: (Adblock Plus) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23] FF Extension: (Tab Mix Plus) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-01-14] FF SearchPlugin: 
C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\searchplugins\dudende-suche.xml [2012-07-29] FF SearchPlugin: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\searchplugins\stadtbibliothek-hanshans.xml [2016-04-01] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-01-30] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-08-18] [ist nicht signiert] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei] FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.934\npSurveillancePlugin_x86_64.dll [2016-03-25] (Synology) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll [2013-11-25] (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] () FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei] FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google) FF Plugin-x32: @graphisoft.com/GDL Web Plug-in -> C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll [2012-06-14] (Graphisoft SE) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-03] (Oracle 
Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.934\npSurveillancePlugin.dll [2016-03-25] (Synology) FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files (x86)\OpenOffice.org 3\program [Keine Datei] FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\hans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-03] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll [2012-12-07] (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2016-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2016-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2016-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2016-04-05] (Apple Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> chrome://newtab
CHR Profile: C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default [2017-01-06]
CHR Extension: (Google Präsentationen) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-09]
CHR Extension: (Google Docs) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-09]
CHR Extension: (Google Drive) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
CHR Extension: (Google Cast) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-11-20]
CHR Extension: (Google-Suche) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Tabellen) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-09]
CHR Extension: (Google Docs Offline) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-20]
CHR Extension: (Google Mail) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-20]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-07-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [1473664 2012-07-28] (ASUSTeK Computer Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
R2 AXIS Camera Management; C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe [18432 2015-05-08] (Axis Communications AB) [Datei ist nicht signiert]
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 SDScannerService; C:\Program Files (x86)\SpybotSearchDestroy2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\SpybotSearchDestroy2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-18] (Microsoft Corporation)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-06-04] (Avira Operations GmbH & Co. KG)
S3 GenericMount; C:\WINDOWS\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 ikbevent; C:\WINDOWS\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\WINDOWS\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2013-01-28] ()
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-01-20 19:25 - 2017-01-20 19:26 - 00038833 _____ C:\Users\hans\Desktop\FRST.txt
2017-01-20 19:24 - 2017-01-20 19:25 - 00000000 ____D C:\FRST
2017-01-20 19:23 - 2017-01-20 19:24 - 02419712 _____ (Farbar) C:\Users\hans\Desktop\FRST64.exe
2017-01-20 19:03 - 2017-01-20 19:03 - 00001387 _____ C:\Users\hans\Desktop\Bearbeitet - Verknüpfung.lnk
2017-01-20 19:03 - 2017-01-20 19:03 - 00000475 _____ C:\Users\hans\Desktop\Trojaner.txt
2017-01-16 23:51 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170116-235155.backup
2017-01-14 19:14 - 2017-01-14 19:14 - 00000000 ____D C:\Users\hans\AppData\Roaming\Amanita-Design.Samorost3
2017-01-14 18:35 - 2017-01-14 18:38 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-01-10 23:50 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170110-235007.backup
2017-01-10 21:23 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170110-212324.backup
2017-01-10 20:16 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170110-201615.backup
2017-01-10 19:32 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 19:32 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 19:32 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 19:32 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 19:32 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 19:32 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 19:32 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 19:32 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 19:32 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 19:32 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 19:32 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 19:32 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 19:32 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 19:32 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 19:32 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 19:32 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 19:32 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 19:32 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 19:32 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 19:32 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 19:32 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 19:32 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 19:32 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 19:32 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 19:32 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 19:32 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 19:32 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 19:32 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 19:32 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 19:32 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 19:32 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 19:32 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 19:32 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 19:32 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 19:32 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 19:32 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 19:32 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 19:32 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 19:32 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 19:32 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 19:32 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 19:32 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 19:32 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 19:32 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 19:32 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 19:32 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 19:32 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 19:32 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 19:32 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 19:32 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 19:32 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 19:32 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 19:32 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 19:32 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 19:32 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 19:32 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 19:32 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 19:32 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 19:32 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 19:32 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 19:32 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 19:32 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 19:32 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 19:32 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 19:32 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 19:32 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 19:32 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 19:32 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 19:32 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 19:31 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 19:31 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 19:31 - 2016-12-21 08:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 19:31 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 19:31 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 19:31 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 19:31 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 19:31 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 19:31 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 19:31 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 19:31 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 19:31 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 19:31 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 19:31 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 19:31 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 19:31 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 19:31 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 19:31 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 19:31 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 19:31 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 19:31 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 19:31 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 19:31 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 19:31 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 19:31 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 19:31 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 19:31 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 19:31 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 19:31 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 19:31 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 19:31 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 19:31 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 19:31 - 2016-12-21 06:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 19:31 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 19:31 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 19:31 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 19:31 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 19:31 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 19:31 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 19:31 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 19:31 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 19:31 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 19:31 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 19:31 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 19:31 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 19:31 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 19:31 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 19:31 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 19:31 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 19:31 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 19:31 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 19:31 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 19:31 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 19:31 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 19:31 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 19:31 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 19:31 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 19:31 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 19:31 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 19:31 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 19:31 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 19:31 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 19:31 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 19:31 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 19:31 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 19:31 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 19:31 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 19:31 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 19:31 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 19:31 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 19:31 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 19:31 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 19:31 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 19:31 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 19:31 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 19:31 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 19:31 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 19:31 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 19:31 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 19:31 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 19:31 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 19:31 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 19:31 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 19:31 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 19:31 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 19:31 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 19:31 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-09 18:22 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170109-182203.backup
2017-01-07 15:05 - 2017-01-11 18:51 - 00263016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-06 19:49 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170106-194925.backup
2017-01-04 20:25 - 2017-01-04 20:25 - 00001333 _____ C:\Users\hans\Desktop\OOSU10861.exe - Verknüpfung.lnk
2017-01-04 20:21 - 2017-01-04 20:21 - 00681536 _____ (O&O Software GmbH) C:\Program Files (x86)\OOSU10861.exe
2017-01-04 18:35 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170104-183515.backup
2017-01-04 00:41 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170104-004142.backup
2017-01-04 00:40 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170104-004028.backup
2017-01-04 00:33 - 2017-01-04 00:33 - 00000000 ____D C:\Users\hans\Aufnahmen\Documents\ProcAlyzer Dumps
2017-01-04 00:27 - 2017-01-04 00:27 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-04 00:27 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-01-04 00:26 - 2017-01-04 00:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-04 00:26 - 2017-01-04 00:27 - 00000000 ____D C:\Program Files (x86)\SpybotSearchDestroy2
2017-01-04 00:26 - 2017-01-04 00:26 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-04 00:26 - 2017-01-04 00:26 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-01-04 00:26 - 2017-01-04 00:26 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-01-04 00:26 - 2017-01-04 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpybotSearchDestroy2
2017-01-04 00:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-01-03 20:05 - 2017-01-03 20:05 - 00000000 ____D C:\Program Files (x86)\Chip Digital GmbH
2017-01-02 22:39 - 2017-01-02 22:39 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-02 22:38 - 2017-01-02 22:38 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Skype
2016-12-28 19:03 - 2016-12-28 19:03 - 00001189 _____ C:\Users\hans\Desktop\MediathekView.lnk
2016-12-28 19:01 - 2016-12-29 20:58 - 00000000 ____D C:\Users\hans\.mediathek3
2016-12-28 18:58 - 2016-12-28 19:03 - 00000000 ____D C:\Program Files (x86)\MediathekView12
2016-12-28 18:55 - 2017-01-02 20:18 - 00000000 ____D C:\Users\hans\AppData\Roaming\TV-Browser
2016-12-28 18:55 - 2016-12-28 18:55 - 00001989 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2016-12-28 18:55 - 2016-12-28 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV-Browser
2016-12-28 18:55 - 2016-12-28 18:55 - 00000000 ____D C:\Program Files (x86)\TV-Browser
2016-12-27 18:27 - 2017-01-11 20:37 - 00000000 ____D C:\Users\hans\Aufnahmen\Documents\BotaniculaSaves
2016-12-27 15:13 - 2016-12-27 15:13 - 00000222 _____ C:\Users\hans\Desktop\Samorost 3.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000222 _____ C:\Users\hans\Desktop\Botanicula.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000221 _____ C:\Users\hans\Desktop\Samorost 2.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000221 _____ C:\Users\hans\Desktop\Machinarium.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000000 ____D C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-27 14:34 - 2016-12-27 14:34 - 00000000 ____D C:\Users\hans\AppData\Local\Chromium
2016-12-24 15:36 - 2017-01-03 19:45 - 00016524 ____H C:\Users\Leo\AppData\Local\IconCache.db
2016-12-24 15:34 - 2017-01-02 23:10 - 00000000 ____D C:\Users\Leo\AppData\Local\ConnectedDevicesPlatform
2016-12-24 15:34 - 2016-12-24 15:34 - 00004676 __RSH C:\Users\Leo\ntuser.pol
2016-12-24 15:34 - 2016-12-24 15:34 - 00000174 ___SH C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-24 15:34 - 2016-12-24 15:34 - 00000020 ___SH C:\Users\Leo\ntuser.ini
2016-12-24 15:34 - 2016-12-24 15:34 - 00000000 ____D C:\Users\Leo\AppData\Local\Comms
2016-12-24 12:49 - 2016-12-24 12:49 - 00000000 _____ C:\Users\hans\AppData\Roaming\f0aa1a7e-4626-4653-9ccb-fec05ba6b9ce.storage
2016-12-24 12:49 - 2016-12-24 12:49 - 00000000 _____ C:\Users\hans\AppData\Roaming\5a873492-3d40-49ab-846a-bc059a202348.storage
2016-12-23 19:56 - 2016-12-23 19:56 - 11346638 _____ C:\Users\hans\Downloads\Amazon-Music-Download_2016-12-23_19-56.zip

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-01-20 19:04 - 2012-11-06 22:55 - 00000000 ____D C:\Users\hans\AppData\Roaming\Notepad++ 2017-01-20 19:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-01-20 18:37 - 2016-11-18 18:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-01-20 18:05 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-01-20 14:30 - 2012-07-27 20:37 - 00000000 _____ C:\WINDOWS\Path.idx 2017-01-19 18:18 - 2016-03-06 11:45 - 00000000 ____D C:\Program Files (x86)\Steam 2017-01-19 18:18 - 2012-07-27 19:31 - 01048576 _____ C:\WINDOWS\PE_Rom.dll 2017-01-19 18:17 - 2015-05-19 22:05 - 00000000 __SHD C:\Users\hans\IntelGraphicsProfiles 2017-01-17 19:54 - 2015-11-08 11:57 - 00000000 ____D C:\Users\hans\Aufnahmen\Documents\Registry CC_Cleaner 2017-01-17 19:52 - 2016-01-02 16:24 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-01-16 23:54 - 2015-10-15 18:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-01-16 21:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache 2017-01-14 19:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-01-14 18:47 - 2016-11-18 18:38 - 03159026 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-01-14 18:47 - 2016-07-16 23:51 - 01357240 _____ C:\WINDOWS\system32\perfh007.dat 2017-01-14 18:47 - 2016-07-16 23:51 - 00348444 _____ C:\WINDOWS\system32\perfc007.dat 2017-01-14 18:38 - 2016-11-18 18:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-01-14 18:38 - 2015-06-16 19:22 - 00000000 ____D C:\ProgramData\firebird 2017-01-14 18:35 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-01-14 17:36 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2017-01-11 18:52 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2017-01-11 18:52 - 2015-10-23 20:52 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-01-11 18:51 - 2013-10-09 12:21 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-01-11 07:55 - 2016-11-18 18:39 - 00000000 ____D 
C:\Users\DefaultAppPool 2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning 2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2017-01-11 01:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-01-11 01:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-01-10 21:01 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-10 20:59 - 2013-08-16 22:43 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-01-10 20:57 - 2012-07-28 17:25 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-01-07 15:07 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Mcx1-DELFINE 2017-01-07 15:07 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Leo 2017-01-05 17:40 - 2010-11-21 04:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-01-04 01:47 - 2016-11-18 18:45 - 00003858 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-01-03 20:05 - 2012-07-28 16:00 - 00000000 ____D C:\Users\hans\AppData\Local\Downloaded Installations 2017-01-03 19:45 - 2016-12-03 14:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-01-03 19:45 - 2012-09-07 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-02 22:41 - 2015-12-03 19:27 - 00000000 ____D C:\Users\Leo\AppData\Local\Packages 2017-01-02 22:39 - 2016-03-06 11:43 - 00002418 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-02 22:39 - 2016-03-06 11:43 - 00000000 ___RD C:\Users\Leo\OneDrive 2017-01-02 22:38 - 2015-06-07 17:59 - 00000000 __SHD C:\Users\Leo\IntelGraphicsProfiles 2016-12-31 20:36 
- 2014-01-25 15:21 - 00000000 ____D C:\Users\hans\AppData\Roaming\KeePass 2016-12-31 13:23 - 2016-12-10 13:37 - 00000000 ____D C:\ProgramData\Foxit Software 2016-12-31 13:23 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Public\Documents 2016-12-31 13:14 - 2012-07-30 21:48 - 00000000 ____D C:\Users\hans\AppData\Roaming\Foxit Software 2016-12-31 12:57 - 2012-07-28 16:00 - 00000000 ____D C:\ProgramData\Sonos,_Inc 2016-12-28 19:03 - 2015-07-24 14:57 - 00000000 ____D C:\Users\hans\AppData\Roaming\vlc 2016-12-28 19:01 - 2016-11-18 18:39 - 00000000 ____D C:\Users\hans 2016-12-27 16:02 - 2016-03-06 11:57 - 00000000 ____D C:\Users\hans\AppData\Local\Steam 2016-12-27 14:32 - 2016-03-06 11:45 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk 2016-12-27 14:32 - 2016-03-06 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2016-12-24 15:42 - 2016-12-03 14:44 - 00000000 ____D C:\WINDOWS\Minidump 2016-12-24 15:36 - 2016-11-18 18:39 - 00524288 ___SH C:\Users\Leo\NTUSER.DAT{22c1e74d-adb5-11e6-a28c-dd852ca2b43d}.TMContainer00000000000000000001.regtrans-ms 2016-12-24 15:36 - 2016-11-18 18:39 - 00065536 ___SH C:\Users\Leo\NTUSER.DAT{22c1e74d-adb5-11e6-a28c-dd852ca2b43d}.TM.blf 2016-12-24 15:36 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Leo\AppData\Local 2016-12-24 15:34 - 2016-11-18 18:39 - 00000000 ___RD C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2016-12-24 15:34 - 2015-05-03 14:21 - 00000282 ___SH C:\Users\Leo\Downloads\desktop.ini 2016-12-24 15:34 - 2015-05-03 14:21 - 00000282 ___SH C:\Users\Leo\Desktop\desktop.ini 2016-12-24 15:34 - 2015-05-03 14:21 - 00000174 ___SH C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini 2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\Searches 2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\Contacts 2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Videos
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Saved Games
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Pictures
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Music
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Links
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Favorites
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Downloads
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Documents
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Desktop
2016-12-23 00:13 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-22 20:53 - 2015-12-28 19:04 - 00000000 ____D C:\Users\hans\Aufnahmen\Documents\My Digital Editions

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-01-04 20:21 - 2017-01-04 20:21 - 0681536 _____ (O&O Software GmbH) C:\Program Files (x86)\OOSU10861.exe
2015-11-01 17:56 - 2015-11-01 17:56 - 0000000 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-24 12:49 - 2016-12-24 12:49 - 0000000 _____ () C:\Users\hans\AppData\Roaming\5a873492-3d40-49ab-846a-bc059a202348.storage
2015-05-25 10:28 - 2015-05-25 10:28 - 0000093 _____ () C:\Users\hans\AppData\Roaming\ARCompanion.log
2016-12-24 12:49 - 2016-12-24 12:49 - 0000000 _____ () C:\Users\hans\AppData\Roaming\f0aa1a7e-4626-4653-9ccb-fec05ba6b9ce.storage
2014-02-07 19:26 - 2014-02-07 19:26 - 0000044 _____ () C:\Users\hans\AppData\Roaming\WB.CFG
2012-09-23 14:57 - 2016-06-22 20:06 - 0012800 _____ () C:\Users\hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-29 11:00 - 2013-12-29 11:00 - 0000093 _____ () C:\Users\hans\AppData\Local\fusioncache.dat
2016-01-30 16:21 - 2016-01-30 16:47 - 0000026 _____ () C:\Users\hans\AppData\Local\isoworkshop.ini
2013-02-09 18:39 - 2013-02-09 18:40 - 0000600 _____ () C:\Users\hans\AppData\Local\PUTTY.RND
2012-07-28 01:07 - 2012-09-14 22:37 - 0007597 _____ () C:\Users\hans\AppData\Local\Resmon.ResmonCfg
2013-09-25 18:08 - 2016-01-30 16:12 - 0000085 ___SH () C:\ProgramData\.zreglib
2012-07-29 16:35 - 2012-07-29 18:52 - 0000297 _____ () C:\ProgramData\Gpu.log

Einige Dateien in TEMP:
====================
C:\Users\hans\AppData\Local\Temp\ginstall.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-01-14 18:48

==================== Ende von FRST.txt ============================ |