Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 20.01.2017, 21:05   #1
laocoon
 
Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 - Standard

Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034



Hallo liebes Forum,

Avira Free Antivirus (Produktversion 15.0.24.146, 06.12.2016) hat -soweit ich das überblicke- diese 5 Trojaner gemeldet:

TR/Crypt.ZPACK.opknz
TR/Crypt.ZPACK.gezb
TR/Crypt.Xpack.400358
TR/Dropper.A.40051
TR/Dropper.A.40034

Lt. Avira-Logfile befinden sich diese wohl innerhalb irgendwelcher gepackten Mail-Anhänge (von Pseudo-Juristen-Abmahnern) und in "Backupfiles.zip". Da diese (soweit ich das als Laie beurteilen kann) sich in Archiven befinden, können keine Reparaturen oder Entfernungen vorgenommen werden.

Mein System läuft einwandfrei (soweit ich das laienhaft feststellen kann).

Meine Frage an Euch Profis:
Was mache ich nun? Ignorieren? Oder diese "Schläfer" lieber entfernen?
Ich würde die Beseitigung dieser Besucher bevorzugen. Habe aber keine Ahnung wie.

Daher wäre ich Euch dankbar, wenn Ihr mir mit ein wenig Rat zur Seite stehen würdet und verbleibe mit besten Grüßen
Laocoon

Anbei der Auszug aus der FRST-Datei.
Die Auszüge aus der Addition-Datei und aus dem aktuellsten Avira-Log lade ich als zip hoch, da diese scheinbar zu groß sind.

Hier die FRST:

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
durchgeführt von hans (Administrator) auf DELFINE (20-01-2017 19:25:53)
Gestartet von C:\Users\hans\Desktop
Geladene Profile: hans & Mcx1-DELFINE & Leo & DefaultAppPool (Verfügbare Profile: hans & Mcx1-DELFINE & Leo & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Axis Communications AB) C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
(Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDFSSvc.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-18] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1376896 2012-04-12] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AXIS Camera Management Service Control] => C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmAdmin.exe [1834160 2015-05-08] (Axis Communications AB)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Plugin Install] => C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe [86016 2016-04-05] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\SpybotSearchDestroy2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\SpybotSearchDestroy2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\RunOnce: [Uninstall 17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Leo\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\RunOnce: [Uninstall 17.3.6381.0405] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Leo\AppData\Local\Microsoft\OneDrive\17.3.6381.0405"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-04-18] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-04-18] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-04-18] (Deutsche Telekom AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2014-02-03]
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear SA4VBE Device Manager.lnk [2013-06-14]
ShortcutTarget: Philips GoGear SA4VBE Device Manager.lnk -> C:\Program Files (x86)\Philips\GoGear SA4VBE Device Manager\GoGear_SA4VBE_DeviceManager.exe (Philips)
Startup: C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk [2012-07-27]
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Beschränkung <======= ACHTUNG
GroupPolicy\User: Beschränkung <======= ACHTUNG
GroupPolicyUsers\S-1-5-21-1412286257-1942420214-3619319362-1007\User: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{280df009-71d1-45e6-bca3-de9ca51bc6ef}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ec71dbf0-98cf-4b04-8ee2-cceb81b9b1a9}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms}
SearchScopes: HKLM-x32 -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000 -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000 -> {47F43F50-68E2-4F28-B949-26EE0EC9C505} URL = hxxp://www.buyertools.net/cgi-bin/preispiraten_de/nph.fcgi?qry_str={searchTerms}&category=deutsch&how=and&searchtype=simple&Web=on&wiki_tab=on&wiki_tab_old=+CHECKED&ebay_tab=on&ebay_tab_old=+CHECKED&shoppingcom_tab=on&shoppingcom_tab_old=+CHECKED&pirat_tab=on&pirat_tab_old=+CHECKED&JavaScript=enabled&submit=SUCHEN
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-03] (Oracle Corporation)
BHO-x32: amazon -> {84B94901-3645-4D80-A6B7-4D0050B19455} -> C:\Program Files (x86)\Pricepirates7\IEButtonAmazonInterface.dll [2009-08-20] ()
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-03] (Oracle Corporation)
BHO-x32: Preispiraten -> {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} -> C:\Program Files (x86)\Pricepirates7\IEButtonPPInterface.dll [2009-08-20] ()
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Home Extension - {F090BE08-2E7E-4D60-8FAB-98ABFA425136} - C:\Program Files (x86)\Pricepirates7\HomeExtension.dll [2007-03-26] ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default [2017-01-10]
FF Extension: (Philips GoGear Device Manager) - C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\gogear@songbirdnest.com [2013-06-11] [ist nicht signiert]
FF Extension: (German (de) Language Pack) - C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\langpack-de@songbirdnest.com [2013-06-11] [ist nicht signiert]
FF Extension: (MSC Device Support) - C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\msc@songbirdnest.com [2013-06-11] [ist nicht signiert]
FF Extension: (MTP Device Support) - C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\mtp@songbirdnest.com [2013-06-11] [ist nicht signiert]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com [nicht gefunden]
FF ProfilePath: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default [2017-01-20]
FF user.js: detected! => C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\user.js [2016-03-04]
FF Homepage: Mozilla\Firefox\Profiles\cnn104yu.default -> hxxp://www.google.de
FF Extension: (Avira Browser Safety) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\abs@avira.com [2016-11-23] [ist nicht signiert]
FF Extension: (Brief) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\brief@mozdev.org.xpi [2016-06-12]
FF Extension: (Clipple) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\clipple@mooz.github.com.xpi [2016-02-17]
FF Extension: (ProxTube) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\ich@maltegoetz.de.xpi [2016-10-17]
FF Extension: (Download YouTube Videos, Fast And Simple) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\jid1-cHKBMlArKdIVEg@jetpack.xpi [2016-04-30]
FF Extension: (Vlc Kontextmenü) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2016-04-30]
FF Extension: (VLC Youtube Shortcut) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\vlc_shortcut@kosan.kosan.xpi [2016-12-01]
FF Extension: (All-in-One Sidebar) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2016-04-10]
FF Extension: (Amazon Startcenter) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{144D1513-0819-4538-AD26-D515AF443AE7} [2016-11-26]
FF Extension: (Home Extension) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259} [2016-11-26]
FF Extension: (Amazon Statusbar Button) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{32DD6873-2BC0-4E4B-B9A3-0E602AB0DC14} [2016-11-26]
FF Extension: (Real Player Plugin) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{5bde3c21-2fd4-4f4a-8726-253ac3af4675}.xpi [2016-05-19] [ist nicht signiert]
FF Extension: (NoScript) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-20]
FF Extension: (CSSHelper) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{89e65ea8-9e30-489d-8269-7ba28535378a}.xpi [2015-12-24] [ist nicht signiert]
FF Extension: (Clippings) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2016-11-04]
FF Extension: (Biet-O-Matic Firefox Erweiterung) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2012-12-08] [ist nicht signiert]
FF Extension: (Preispiraten) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C} [2016-01-16]
FF Extension: (Adblock Plus) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Tab Mix Plus) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-01-14]
FF SearchPlugin: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\searchplugins\dudende-suche.xml [2012-07-29]
FF SearchPlugin: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\searchplugins\stadtbibliothek-hanshans.xml [2016-04-01]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-01-30] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-08-18] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.934\npSurveillancePlugin_x86_64.dll [2016-03-25] (Synology)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll [2013-11-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in -> C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll [2012-06-14] (Graphisoft SE)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.934\npSurveillancePlugin.dll [2016-03-25] (Synology)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files (x86)\OpenOffice.org 3\program [Keine Datei]
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\hans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll [2012-12-07] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2016-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2016-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2016-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2016-04-05] (Apple Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> chrome://newtab
CHR Profile: C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default [2017-01-06]
CHR Extension: (Google Präsentationen) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-09]
CHR Extension: (Google Docs) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-09]
CHR Extension: (Google Drive) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
CHR Extension: (Google Cast) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-11-20]
CHR Extension: (Google-Suche) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Tabellen) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-09]
CHR Extension: (Google Docs Offline) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-20]
CHR Extension: (Google Mail) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-20]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-07-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [1473664 2012-07-28] (ASUSTeK Computer Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
R2 AXIS Camera Management; C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe [18432 2015-05-08] (Axis Communications AB) [Datei ist nicht signiert]
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 SDScannerService; C:\Program Files (x86)\SpybotSearchDestroy2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\SpybotSearchDestroy2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-18] (Microsoft Corporation)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-06-04] (Avira Operations GmbH & Co. KG)
S3 GenericMount; C:\WINDOWS\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 ikbevent; C:\WINDOWS\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\WINDOWS\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2013-01-28] ()
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-20 19:25 - 2017-01-20 19:26 - 00038833 _____ C:\Users\hans\Desktop\FRST.txt
2017-01-20 19:24 - 2017-01-20 19:25 - 00000000 ____D C:\FRST
2017-01-20 19:23 - 2017-01-20 19:24 - 02419712 _____ (Farbar) C:\Users\hans\Desktop\FRST64.exe
2017-01-20 19:03 - 2017-01-20 19:03 - 00001387 _____ C:\Users\hans\Desktop\Bearbeitet - Verknüpfung.lnk
2017-01-20 19:03 - 2017-01-20 19:03 - 00000475 _____ C:\Users\hans\Desktop\Trojaner.txt
2017-01-16 23:51 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170116-235155.backup
2017-01-14 19:14 - 2017-01-14 19:14 - 00000000 ____D C:\Users\hans\AppData\Roaming\Amanita-Design.Samorost3
2017-01-14 18:35 - 2017-01-14 18:38 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-01-10 23:50 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170110-235007.backup
2017-01-10 21:23 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170110-212324.backup
2017-01-10 20:16 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170110-201615.backup
2017-01-10 19:32 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 19:32 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 19:32 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 19:32 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 19:32 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 19:32 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 19:32 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 19:32 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 19:32 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 19:32 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 19:32 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 19:32 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 19:32 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 19:32 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 19:32 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 19:32 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 19:32 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 19:32 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 19:32 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 19:32 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 19:32 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 19:32 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 19:32 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 19:32 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 19:32 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 19:32 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 19:32 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 19:32 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 19:32 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 19:32 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 19:32 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 19:32 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 19:32 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 19:32 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 19:32 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 19:32 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 19:32 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 19:32 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 19:32 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 19:32 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 19:32 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 19:32 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 19:32 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 19:32 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 19:32 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 19:32 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 19:32 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 19:32 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 19:32 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 19:32 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 19:32 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 19:32 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 19:32 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 19:32 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 19:32 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 19:32 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 19:32 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 19:32 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 19:32 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 19:32 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 19:32 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 19:32 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 19:32 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 19:32 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 19:32 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 19:32 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 19:32 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 19:32 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 19:32 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 19:31 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 19:31 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 19:31 - 2016-12-21 08:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 19:31 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 19:31 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 19:31 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 19:31 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 19:31 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 19:31 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 19:31 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 19:31 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 19:31 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 19:31 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 19:31 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 19:31 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 19:31 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 19:31 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 19:31 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 19:31 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 19:31 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 19:31 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 19:31 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 19:31 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 19:31 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 19:31 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 19:31 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 19:31 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 19:31 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 19:31 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 19:31 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 19:31 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 19:31 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 19:31 - 2016-12-21 06:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 19:31 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 19:31 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 19:31 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 19:31 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 19:31 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 19:31 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 19:31 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 19:31 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 19:31 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 19:31 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 19:31 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 19:31 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 19:31 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 19:31 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 19:31 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 19:31 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 19:31 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 19:31 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 19:31 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 19:31 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 19:31 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 19:31 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 19:31 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 19:31 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 19:31 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 19:31 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 19:31 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 19:31 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 19:31 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 19:31 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 19:31 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 19:31 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 19:31 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 19:31 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 19:31 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 19:31 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 19:31 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 19:31 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 19:31 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 19:31 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 19:31 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 19:31 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 19:31 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 19:31 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 19:31 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 19:31 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 19:31 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 19:31 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 19:31 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 19:31 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 19:31 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 19:31 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 19:31 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 19:31 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-09 18:22 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170109-182203.backup
2017-01-07 15:05 - 2017-01-11 18:51 - 00263016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-06 19:49 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170106-194925.backup
2017-01-04 20:25 - 2017-01-04 20:25 - 00001333 _____ C:\Users\hans\Desktop\OOSU10861.exe - Verknüpfung.lnk
2017-01-04 20:21 - 2017-01-04 20:21 - 00681536 _____ (O&O Software GmbH) C:\Program Files (x86)\OOSU10861.exe
2017-01-04 18:35 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170104-183515.backup
2017-01-04 00:41 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170104-004142.backup
2017-01-04 00:40 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170104-004028.backup
2017-01-04 00:33 - 2017-01-04 00:33 - 00000000 ____D C:\Users\hans\Aufnahmen\Documents\ProcAlyzer Dumps
2017-01-04 00:27 - 2017-01-04 00:27 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-04 00:27 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-01-04 00:26 - 2017-01-04 00:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-04 00:26 - 2017-01-04 00:27 - 00000000 ____D C:\Program Files (x86)\SpybotSearchDestroy2
2017-01-04 00:26 - 2017-01-04 00:26 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-04 00:26 - 2017-01-04 00:26 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-01-04 00:26 - 2017-01-04 00:26 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-01-04 00:26 - 2017-01-04 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpybotSearchDestroy2
2017-01-04 00:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-01-03 20:05 - 2017-01-03 20:05 - 00000000 ____D C:\Program Files (x86)\Chip Digital GmbH
2017-01-02 22:39 - 2017-01-02 22:39 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-02 22:38 - 2017-01-02 22:38 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Skype
2016-12-28 19:03 - 2016-12-28 19:03 - 00001189 _____ C:\Users\hans\Desktop\MediathekView.lnk
2016-12-28 19:01 - 2016-12-29 20:58 - 00000000 ____D C:\Users\hans\.mediathek3
2016-12-28 18:58 - 2016-12-28 19:03 - 00000000 ____D C:\Program Files (x86)\MediathekView12
2016-12-28 18:55 - 2017-01-02 20:18 - 00000000 ____D C:\Users\hans\AppData\Roaming\TV-Browser
2016-12-28 18:55 - 2016-12-28 18:55 - 00001989 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2016-12-28 18:55 - 2016-12-28 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV-Browser
2016-12-28 18:55 - 2016-12-28 18:55 - 00000000 ____D C:\Program Files (x86)\TV-Browser
2016-12-27 18:27 - 2017-01-11 20:37 - 00000000 ____D C:\Users\hans\Aufnahmen\Documents\BotaniculaSaves
2016-12-27 15:13 - 2016-12-27 15:13 - 00000222 _____ C:\Users\hans\Desktop\Samorost 3.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000222 _____ C:\Users\hans\Desktop\Botanicula.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000221 _____ C:\Users\hans\Desktop\Samorost 2.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000221 _____ C:\Users\hans\Desktop\Machinarium.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000000 ____D C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-27 14:34 - 2016-12-27 14:34 - 00000000 ____D C:\Users\hans\AppData\Local\Chromium
2016-12-24 15:36 - 2017-01-03 19:45 - 00016524 ____H C:\Users\Leo\AppData\Local\IconCache.db
2016-12-24 15:34 - 2017-01-02 23:10 - 00000000 ____D C:\Users\Leo\AppData\Local\ConnectedDevicesPlatform
2016-12-24 15:34 - 2016-12-24 15:34 - 00004676 __RSH C:\Users\Leo\ntuser.pol
2016-12-24 15:34 - 2016-12-24 15:34 - 00000174 ___SH C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-24 15:34 - 2016-12-24 15:34 - 00000020 ___SH C:\Users\Leo\ntuser.ini
2016-12-24 15:34 - 2016-12-24 15:34 - 00000000 ____D C:\Users\Leo\AppData\Local\Comms
2016-12-24 12:49 - 2016-12-24 12:49 - 00000000 _____ C:\Users\hans\AppData\Roaming\f0aa1a7e-4626-4653-9ccb-fec05ba6b9ce.storage
2016-12-24 12:49 - 2016-12-24 12:49 - 00000000 _____ C:\Users\hans\AppData\Roaming\5a873492-3d40-49ab-846a-bc059a202348.storage
2016-12-23 19:56 - 2016-12-23 19:56 - 11346638 _____ C:\Users\hans\Downloads\Amazon-Music-Download_2016-12-23_19-56.zip

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-20 19:04 - 2012-11-06 22:55 - 00000000 ____D C:\Users\hans\AppData\Roaming\Notepad++
2017-01-20 19:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-20 18:37 - 2016-11-18 18:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-20 18:05 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-20 14:30 - 2012-07-27 20:37 - 00000000 _____ C:\WINDOWS\Path.idx
2017-01-19 18:18 - 2016-03-06 11:45 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-19 18:18 - 2012-07-27 19:31 - 01048576 _____ C:\WINDOWS\PE_Rom.dll
2017-01-19 18:17 - 2015-05-19 22:05 - 00000000 __SHD C:\Users\hans\IntelGraphicsProfiles
2017-01-17 19:54 - 2015-11-08 11:57 - 00000000 ____D C:\Users\hans\Aufnahmen\Documents\Registry CC_Cleaner
2017-01-17 19:52 - 2016-01-02 16:24 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-16 23:54 - 2015-10-15 18:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-16 21:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-14 19:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-14 18:47 - 2016-11-18 18:38 - 03159026 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-14 18:47 - 2016-07-16 23:51 - 01357240 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-14 18:47 - 2016-07-16 23:51 - 00348444 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-14 18:38 - 2016-11-18 18:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-14 18:38 - 2015-06-16 19:22 - 00000000 ____D C:\ProgramData\firebird
2017-01-14 18:35 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-14 17:36 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-11 18:52 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-11 18:52 - 2015-10-23 20:52 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 18:51 - 2013-10-09 12:21 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-11 07:55 - 2016-11-18 18:39 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 01:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-11 01:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-10 21:01 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 20:59 - 2013-08-16 22:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 20:57 - 2012-07-28 17:25 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-07 15:07 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Mcx1-DELFINE
2017-01-07 15:07 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Leo
2017-01-05 17:40 - 2010-11-21 04:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-04 01:47 - 2016-11-18 18:45 - 00003858 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-01-03 20:05 - 2012-07-28 16:00 - 00000000 ____D C:\Users\hans\AppData\Local\Downloaded Installations
2017-01-03 19:45 - 2016-12-03 14:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-01-03 19:45 - 2012-09-07 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-02 22:41 - 2015-12-03 19:27 - 00000000 ____D C:\Users\Leo\AppData\Local\Packages
2017-01-02 22:39 - 2016-03-06 11:43 - 00002418 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-02 22:39 - 2016-03-06 11:43 - 00000000 ___RD C:\Users\Leo\OneDrive
2017-01-02 22:38 - 2015-06-07 17:59 - 00000000 __SHD C:\Users\Leo\IntelGraphicsProfiles
2016-12-31 20:36 - 2014-01-25 15:21 - 00000000 ____D C:\Users\hans\AppData\Roaming\KeePass
2016-12-31 13:23 - 2016-12-10 13:37 - 00000000 ____D C:\ProgramData\Foxit Software
2016-12-31 13:23 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Public\Documents
2016-12-31 13:14 - 2012-07-30 21:48 - 00000000 ____D C:\Users\hans\AppData\Roaming\Foxit Software
2016-12-31 12:57 - 2012-07-28 16:00 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2016-12-28 19:03 - 2015-07-24 14:57 - 00000000 ____D C:\Users\hans\AppData\Roaming\vlc
2016-12-28 19:01 - 2016-11-18 18:39 - 00000000 ____D C:\Users\hans
2016-12-27 16:02 - 2016-03-06 11:57 - 00000000 ____D C:\Users\hans\AppData\Local\Steam
2016-12-27 14:32 - 2016-03-06 11:45 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk
2016-12-27 14:32 - 2016-03-06 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-24 15:42 - 2016-12-03 14:44 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-24 15:36 - 2016-11-18 18:39 - 00524288 ___SH C:\Users\Leo\NTUSER.DAT{22c1e74d-adb5-11e6-a28c-dd852ca2b43d}.TMContainer00000000000000000001.regtrans-ms
2016-12-24 15:36 - 2016-11-18 18:39 - 00065536 ___SH C:\Users\Leo\NTUSER.DAT{22c1e74d-adb5-11e6-a28c-dd852ca2b43d}.TM.blf
2016-12-24 15:36 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Leo\AppData\Local
2016-12-24 15:34 - 2016-11-18 18:39 - 00000000 ___RD C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-24 15:34 - 2015-05-03 14:21 - 00000282 ___SH C:\Users\Leo\Downloads\desktop.ini
2016-12-24 15:34 - 2015-05-03 14:21 - 00000282 ___SH C:\Users\Leo\Desktop\desktop.ini
2016-12-24 15:34 - 2015-05-03 14:21 - 00000174 ___SH C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\Searches
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\Contacts
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Videos
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Saved Games
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Pictures
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Music
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Links
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Favorites
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Downloads
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Documents
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Desktop
2016-12-23 00:13 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-22 20:53 - 2015-12-28 19:04 - 00000000 ____D C:\Users\hans\Aufnahmen\Documents\My Digital Editions

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-01-04 20:21 - 2017-01-04 20:21 - 0681536 _____ (O&O Software GmbH) C:\Program Files (x86)\OOSU10861.exe
2015-11-01 17:56 - 2015-11-01 17:56 - 0000000 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-24 12:49 - 2016-12-24 12:49 - 0000000 _____ () C:\Users\hans\AppData\Roaming\5a873492-3d40-49ab-846a-bc059a202348.storage
2015-05-25 10:28 - 2015-05-25 10:28 - 0000093 _____ () C:\Users\hans\AppData\Roaming\ARCompanion.log
2016-12-24 12:49 - 2016-12-24 12:49 - 0000000 _____ () C:\Users\hans\AppData\Roaming\f0aa1a7e-4626-4653-9ccb-fec05ba6b9ce.storage
2014-02-07 19:26 - 2014-02-07 19:26 - 0000044 _____ () C:\Users\hans\AppData\Roaming\WB.CFG
2012-09-23 14:57 - 2016-06-22 20:06 - 0012800 _____ () C:\Users\hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-29 11:00 - 2013-12-29 11:00 - 0000093 _____ () C:\Users\hans\AppData\Local\fusioncache.dat
2016-01-30 16:21 - 2016-01-30 16:47 - 0000026 _____ () C:\Users\hans\AppData\Local\isoworkshop.ini
2013-02-09 18:39 - 2013-02-09 18:40 - 0000600 _____ () C:\Users\hans\AppData\Local\PUTTY.RND
2012-07-28 01:07 - 2012-09-14 22:37 - 0007597 _____ () C:\Users\hans\AppData\Local\Resmon.ResmonCfg
2013-09-25 18:08 - 2016-01-30 16:12 - 0000085 ___SH () C:\ProgramData\.zreglib
2012-07-29 16:35 - 2012-07-29 18:52 - 0000297 _____ () C:\ProgramData\Gpu.log

Einige Dateien in TEMP:
====================
C:\Users\hans\AppData\Local\Temp\ginstall.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-01-14 18:48

==================== Ende von FRST.txt ============================
         
Angehängte Dateien
Dateityp: zip AVSCAN-20170119-210753-35D54530.zip (966,7 KB, 4x aufgerufen)
Dateityp: 7z Addition.7z (18,9 KB, 15x aufgerufen)

Alt 21.01.2017, 13:46   #2
M-K-D-B
/// TB-Ausbilder
 
Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 - Standard

Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!
  • Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!







Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel
    • "Prefetch" Dateien
    • Proxy
    • Winsock
    • Internet Explorer Richtlinien
    • Chrome Richtlinien
  • Bestätige die Auswahl mit Ok.
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM nach dem Neustart, klicke auf Berichte.
  • Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
  • Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.





Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.
__________________

__________________

Alt 21.01.2017, 15:46   #3
laocoon
 
Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 - Standard

Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034



Hallo Matthias,
erst einmal vorweg vielen Dank für Deine Hilfe!
Ich bin nach den Anweisungen in der Email vorgegangen. In dieser war unter Schritt 3 nichts enthalten, daher bin ich direkt zu Schritt 4 übergegangen.
Am Ende der Mail habe ich in der Gesamtliste nun gelesen, dass Du einen JRT-Log haben möchtest. Davon hatte ich bisher nichts gelesen, hab daraufhin hier im Board nachgesehen, und siehe da: Hier war im Gegensatz zur Mail unter Schritt 3 das Procedere mit JRT beschrieben.

Sollte ich daher, den Schritt 3 nachholen und den Schritt 4 wiederholen?
VG

Ok, habe jetzt einfach mal den 3. Schritt nachgeholt (JRT) und den Schritt 4 (FRST) wiederholt. Anbei die LOGs. Addition-LOG kommt infolge der Größe im Nachgang.

adwcleaner:

Code:
ATTFilter
# AdwCleaner v6.042 - Bericht erstellt am 21/01/2017 um 14:08:06
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-20.2 [Server]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : Joerg - DELFINE
# Gestartet von : C:\Users\Joerg\Desktop\AdwCleaner_6.042.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\Joerg\AppData\Local\Geckofx


***** [ Dateien ] *****

[-] Datei gelöscht: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\invalidprefs.js


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Prod.cap
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] Schlüssel gelöscht: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\Software\APN PIP
[-] Schlüssel gelöscht: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\Software\mysearchdial.com
[-] Schlüssel gelöscht: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\Software\PIP
[-] Schlüssel gelöscht: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\Software\Softonic
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1412286257-1942420214-3619319362-1000\Software\SweetIM
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\APN PIP
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\mysearchdial.com
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\PIP
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Softonic
[-] Schlüssel gelöscht: HKLM\SOFTWARE\PIP
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1412286257-1942420214-3619319362-1000\Software\SweetIM
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\APN PIP
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\mysearchdial.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\PIP
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Softonic


***** [ Browser ] *****

[-] Firefox Einstellungen bereinigt: "extensions.delta.admin" -  false
[-] Firefox Einstellungen bereinigt: "extensions.delta.aflt" -  "babsst"
[-] Firefox Einstellungen bereinigt: "extensions.delta.appId" -  "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"
[-] Firefox Einstellungen bereinigt: "extensions.delta.autoRvrt" -  "false"
[-] Firefox Einstellungen bereinigt: "extensions.delta.dfltLng" -  "de"
[-] Firefox Einstellungen bereinigt: "extensions.delta.excTlbr" -  false
[-] Firefox Einstellungen bereinigt: "extensions.delta.ffxUnstlRst" -  true
[-] Firefox Einstellungen bereinigt: "extensions.delta.id" -  "44584158000000000000b6dbc94b9bfc"
[-] Firefox Einstellungen bereinigt: "extensions.delta.instlDay" -  "15942"
[-] Firefox Einstellungen bereinigt: "extensions.delta.instlRef" -  "sst"
[-] Firefox Einstellungen bereinigt: "extensions.delta.newTab" -  false
[-] Firefox Einstellungen bereinigt: "extensions.delta.prdct" -  "delta"
[-] Firefox Einstellungen bereinigt: "extensions.delta.prtnrId" -  "delta"
[-] Firefox Einstellungen bereinigt: "extensions.delta.rvrt" -  "false"
[-] Firefox Einstellungen bereinigt: "extensions.delta.smplGrp" -  "none"
[-] Firefox Einstellungen bereinigt: "extensions.delta.tlbrId" -  "base"
[-] Firefox Einstellungen bereinigt: "extensions.delta.tlbrSrchUrl" -  ""
[-] Firefox Einstellungen bereinigt: "extensions.delta.vrsn" -  "1.8.24.6"
[-] Firefox Einstellungen bereinigt: "extensions.delta.vrsnTs" -  "1.8.24.620:01:51"
[-] Firefox Einstellungen bereinigt: "extensions.delta.vrsni" -  "1.8.24.6"
[-] Firefox Einstellungen bereinigt: "extensions.delta_i.babExt" -  ""
[-] Firefox Einstellungen bereinigt: "extensions.delta_i.babTrack" -  "affID=121564&tsp=4985"
[-] Firefox Einstellungen bereinigt: "extensions.delta_i.srcExt" -  "ss"
[-] Firefox Einstellungen bereinigt: "extensions.irmysearch.aflt" -  "irmsd0103"
[-] Firefox Einstellungen bereinigt: "extensions.irmysearch.cd" -  "2XzuyEtN2Y1L1Qzu0ByC0D0B0CzyyE0Bzy0B0F0CyEtCyDzztN0D0Tzu0CyByCzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R"
[-] Firefox Einstellungen bereinigt: "extensions.irmysearch.cr" -  "150302635"
[-] Firefox Einstellungen bereinigt: "extensions.irmysearch.instlRef" -  ""
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.AL" -  2
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.aflt" -  "irmsd0103"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.appId" -  "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.cd" -  "2XzuyEtN2Y1L1Qzu0ByC0D0B0CzyyE0Bzy0B0F0CyEtCyDzztN0D0Tzu0CyByCzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.cr" -  "150302635"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.dfltLng" -  ""
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.dfltSrch" -  true
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.dnsErr" -  true
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.excTlbr" -  false
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.hmpg" -  true
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.hmpgUrl" -  "hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0ByC0D0B0CzyyE0Bzy0B0F0CyEtCyDzztN0D0Tzu0CyByCzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=150302635&ir="
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.id" -  "B6DBC94B9BFC4158"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.instlDay" -  "16108"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.instlRef" -  ""
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.newTabUrl" -  "hxxp://start.mysearchdial.com/?f=2&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0ByC0D0B0CzyyE0Bzy0B0F0CyEtCyDzztN0D0Tzu0CyByCzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=150302635&ir="
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.prdct" -  "mysearchdial"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.prtnrId" -  "mysearchdial"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.srchPrvdr" -  "Mysearchdial"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.tlbrId" -  "base"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.tlbrSrchUrl" -  "hxxp://start.mysearchdial.com/?f=3&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0ByC0D0B0CzyyE0Bzy0B0F0CyEtCyDzztN0D0Tzu0CyByCzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=150302635&ir=&q="
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.vrsn" -  "1.8.21.0"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial.vrsni" -  "1.8.21.0"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial_i.hmpg" -  true
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial_i.newTab" -  false
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial_i.smplGrp" -  "none"
[-] Firefox Einstellungen bereinigt: "extensions.mysearchdial_i.vrsnTs" -  "1.8.21.019:25:58"
[-] [C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gelöscht: mysearchdial.com


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7825 Bytes] - [21/01/2017 14:08:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [11138 Bytes] - [21/01/2017 14:06:24]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7972 Bytes] ##########
         

MBAM:
Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 21.01.17
Scan-Zeit: 14:22
Protokolldatei: mbam.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.5.1299
Komponentenversion: 1.0.43
Version des Aktualisierungspakets: 1.0.1069
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: DELFINE\Joerg

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 535663
Abgelaufene Zeit: 2 Min., 58 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.OpenCandy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OpenCandyHelperRunAsStandardUser39F652A7FEF04373A7D826A4FB8638DB, In Quarantäne, [646], [241417],1.0.1069
PUP.Optional.OpenCandy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OpenCandyHelperRunOnce7511DA7BB18F4EF0AC0ADBB00F8CFA7A, In Quarantäne, [646], [241417],1.0.1069

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         

JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64 
Ran by hans (Administrator) on 21.01.2017 at 15:14:41,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2 

Successfully deleted: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\user.js (File) 
Successfully deleted: C:\Users\hans\AppData\Roaming\pdfforge (Folder) 



Registry: 6 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84B94901-3645-4D80-A6B7-4D0050B19455} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E027BF-C3F3-4022-8F6B-8F6D39A59684} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84B94901-3645-4D80-A6B7-4D0050B19455} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E027BF-C3F3-4022-8F6B-8F6D39A59684} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{F090BE08-2E7E-4D60-8FAB-98ABFA425136} (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2017 at 15:15:46,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
durchgeführt von hans (Administrator) auf DELFINE (21-01-2017 15:20:29)
Gestartet von C:\Users\hans\Desktop
Geladene Profile: hans &  (Verfügbare Profile: hans & Mcx1-DELFINE & Leo & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Axis Communications AB) C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe
(Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDWSCSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1376896 2012-04-12] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AXIS Camera Management Service Control] => C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmAdmin.exe [1834160 2015-05-08] (Axis Communications AB)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Plugin Install] => C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe [86016 2016-04-05] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\SpybotSearchDestroy2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\SpybotSearchDestroy2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\SpybotSearchDestroy2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\SpybotSearchDestroy2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141955985\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141955985\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1412286257-1942420214-3619319362-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141955985\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141956045\...\RunOnce: [Uninstall 17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Leo\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141956045\...\RunOnce: [Uninstall 17.3.6381.0405] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Leo\AppData\Local\Microsoft\OneDrive\17.3.6381.0405"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141956045\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141956045\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141956158\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-04-18] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-04-18] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-04-18] (Deutsche Telekom AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2014-02-03]
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear SA4VBE Device Manager.lnk [2013-06-14]
ShortcutTarget: Philips GoGear SA4VBE Device Manager.lnk -> C:\Program Files (x86)\Philips\GoGear SA4VBE Device Manager\GoGear_SA4VBE_DeviceManager.exe (Philips)
Startup: C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk [2012-07-27]
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{280df009-71d1-45e6-bca3-de9ca51bc6ef}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ec71dbf0-98cf-4b04-8ee2-cceb81b9b1a9}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms}
SearchScopes: HKLM-x32 -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000 -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000 -> {47F43F50-68E2-4F28-B949-26EE0EC9C505} URL = hxxp://www.buyertools.net/cgi-bin/preispiraten_de/nph.fcgi?qry_str={searchTerms}&category=deutsch&how=and&searchtype=simple&Web=on&wiki_tab=on&wiki_tab_old=+CHECKED&ebay_tab=on&ebay_tab_old=+CHECKED&shoppingcom_tab=on&shoppingcom_tab_old=+CHECKED&pirat_tab=on&pirat_tab_old=+CHECKED&JavaScript=enabled&submit=SUCHEN
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740 -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740 -> {47F43F50-68E2-4F28-B949-26EE0EC9C505} URL = hxxp://www.buyertools.net/cgi-bin/preispiraten_de/nph.fcgi?qry_str={searchTerms}&category=deutsch&how=and&searchtype=simple&Web=on&wiki_tab=on&wiki_tab_old=+CHECKED&ebay_tab=on&ebay_tab_old=+CHECKED&shoppingcom_tab=on&shoppingcom_tab_old=+CHECKED&pirat_tab=on&pirat_tab_old=+CHECKED&JavaScript=enabled&submit=SUCHEN
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452 -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452 -> {47F43F50-68E2-4F28-B949-26EE0EC9C505} URL = hxxp://www.buyertools.net/cgi-bin/preispiraten_de/nph.fcgi?qry_str={searchTerms}&category=deutsch&how=and&searchtype=simple&Web=on&wiki_tab=on&wiki_tab_old=+CHECKED&ebay_tab=on&ebay_tab_old=+CHECKED&shoppingcom_tab=on&shoppingcom_tab_old=+CHECKED&pirat_tab=on&pirat_tab_old=+CHECKED&JavaScript=enabled&submit=SUCHEN
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-03] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-03] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default [2017-01-21]
FF Extension: (Philips GoGear Device Manager) - C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\gogear@songbirdnest.com [2013-06-11] [ist nicht signiert]
FF Extension: (German (de) Language Pack) - C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\langpack-de@songbirdnest.com [2013-06-11] [ist nicht signiert]
FF Extension: (MSC Device Support) - C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\msc@songbirdnest.com [2013-06-11] [ist nicht signiert]
FF Extension: (MTP Device Support) - C:\Users\hans\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\mtp@songbirdnest.com [2013-06-11] [ist nicht signiert]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com [nicht gefunden]
FF ProfilePath: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default [2017-01-21]
FF Homepage: Mozilla\Firefox\Profiles\cnn104yu.default -> hxxp://www.google.de
FF NetworkProxy: Mozilla\Firefox\Profiles\cnn104yu.default -> type", 0
FF Extension: (Avira Browser Safety) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\abs@avira.com [2016-11-23] [ist nicht signiert]
FF Extension: (Brief) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\brief@mozdev.org.xpi [2016-06-12]
FF Extension: (Clipple) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\clipple@mooz.github.com.xpi [2016-02-17]
FF Extension: (ProxTube) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\ich@maltegoetz.de.xpi [2016-10-17]
FF Extension: (Download YouTube Videos, Fast And Simple) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\jid1-cHKBMlArKdIVEg@jetpack.xpi [2016-04-30]
FF Extension: (Vlc Kontextmenü) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2016-04-30]
FF Extension: (VLC Youtube Shortcut) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\vlc_shortcut@kosan.kosan.xpi [2016-12-01]
FF Extension: (All-in-One Sidebar) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2016-04-10]
FF Extension: (Amazon Startcenter) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{144D1513-0819-4538-AD26-D515AF443AE7} [2016-11-26]
FF Extension: (Home Extension) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259} [2016-11-26]
FF Extension: (Amazon Statusbar Button) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{32DD6873-2BC0-4E4B-B9A3-0E602AB0DC14} [2016-11-26]
FF Extension: (Real Player Plugin) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{5bde3c21-2fd4-4f4a-8726-253ac3af4675}.xpi [2016-05-19] [ist nicht signiert]
FF Extension: (NoScript) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-20]
FF Extension: (CSSHelper) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{89e65ea8-9e30-489d-8269-7ba28535378a}.xpi [2015-12-24] [ist nicht signiert]
FF Extension: (Clippings) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2016-11-04]
FF Extension: (Biet-O-Matic Firefox Erweiterung) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2012-12-08] [ist nicht signiert]
FF Extension: (Preispiraten) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C} [2016-01-16]
FF Extension: (Adblock Plus) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Tab Mix Plus) - C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-01-14]
FF SearchPlugin: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\searchplugins\dudende-suche.xml [2012-07-29]
FF SearchPlugin: C:\Users\hans\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\searchplugins\stadtbibliothek-stadt.xml [2016-04-01]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-01-30] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-08-18] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.934\npSurveillancePlugin_x86_64.dll [2016-03-25] (Synology)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll [2013-11-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in -> C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll [2012-06-14] (Graphisoft SE)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.934\npSurveillancePlugin.dll [2016-03-25] (Synology)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files (x86)\OpenOffice.org 3\program [Keine Datei]
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\hans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll [2012-12-07] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files (x86)\OpenOffice.org 3\program [Keine Datei]
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\hans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll [2012-12-07] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files (x86)\OpenOffice.org 3\program [Keine Datei]
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\hans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll [2012-12-07] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2016-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2016-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2016-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2016-04-05] (Apple Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> chrome://newtab
CHR Profile: C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default [2017-01-21]
CHR Extension: (Google Präsentationen) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-09]
CHR Extension: (Google Docs) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-09]
CHR Extension: (Google Drive) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
CHR Extension: (Google Cast) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-11-20]
CHR Extension: (Google-Suche) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Tabellen) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-09]
CHR Extension: (Google Docs Offline) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-20]
CHR Extension: (Google Mail) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-20]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-07-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [1473664 2012-07-28] (ASUSTeK Computer Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
R2 AXIS Camera Management; C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe [18432 2015-05-08] (Axis Communications AB) [Datei ist nicht signiert]
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 SDScannerService; C:\Program Files (x86)\SpybotSearchDestroy2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\SpybotSearchDestroy2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-18] (Microsoft Corporation)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-06-04] (Avira Operations GmbH & Co. KG)
S3 GenericMount; C:\WINDOWS\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 ikbevent; C:\WINDOWS\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\WINDOWS\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2013-01-28] ()
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-21 15:20 - 2017-01-21 15:20 - 00044786 _____ C:\Users\hans\Desktop\FRST.txt
2017-01-21 15:15 - 2017-01-21 15:18 - 00001651 _____ C:\Users\hans\Desktop\JRT.txt
2017-01-21 15:10 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170121-151036.backup
2017-01-21 14:58 - 2017-01-21 15:14 - 01663040 _____ (Malwarebytes) C:\Users\hans\Desktop\JRT.exe
2017-01-21 14:40 - 2017-01-21 14:44 - 00102391 _____ C:\Users\hans\Desktop\Addition_1b.txt
2017-01-21 14:39 - 2017-01-21 14:43 - 00086783 _____ C:\Users\hans\Desktop\FRST_1b.txt
2017-01-21 14:28 - 2017-01-21 14:28 - 00001533 _____ C:\Users\hans\Desktop\mbam.txt
2017-01-21 14:20 - 2017-01-21 14:21 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-21 14:20 - 2017-01-21 14:20 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-21 14:20 - 2017-01-21 14:20 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-21 14:19 - 2017-01-21 14:19 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-21 14:19 - 2017-01-21 14:19 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-21 14:19 - 2017-01-21 14:19 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-21 14:19 - 2017-01-21 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-21 14:19 - 2017-01-21 14:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-21 14:19 - 2017-01-21 14:19 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-21 14:19 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-21 14:13 - 2017-01-21 14:13 - 00001066 _____ C:\Users\hans\Desktop\AdwCleaner[C0].txt - Verknüpfung.lnk
2017-01-21 14:04 - 2017-01-21 14:08 - 00000000 ____D C:\AdwCleaner
2017-01-21 14:00 - 2017-01-21 14:00 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-01-21 13:58 - 2017-01-21 14:03 - 03988944 _____ C:\Users\hans\Desktop\AdwCleaner_6.042.exe
2017-01-20 21:03 - 2017-01-20 21:03 - 00019360 _____ C:\Users\hans\Desktop\Addition_1.7z
2017-01-20 20:58 - 2017-01-20 20:58 - 00989855 _____ C:\Users\hans\Desktop\AVSCAN-20170119-210753-35D54530_1.zip
2017-01-20 19:26 - 2017-01-21 14:36 - 00102416 _____ C:\Users\hans\Desktop\Addition_1a.txt
2017-01-20 19:25 - 2017-01-21 14:36 - 00086878 _____ C:\Users\hans\Desktop\FRST_1a.txt
2017-01-20 19:24 - 2017-01-21 15:20 - 00000000 ____D C:\FRST
2017-01-20 19:23 - 2017-01-20 19:24 - 02419712 _____ (Farbar) C:\Users\hans\Desktop\FRST64.exe
2017-01-20 19:03 - 2017-01-20 19:03 - 00000475 _____ C:\Users\hans\Desktop\Trojaner.txt
2017-01-16 23:51 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170116-235155.backup
2017-01-14 19:14 - 2017-01-14 19:14 - 00000000 ____D C:\Users\hans\AppData\Roaming\Amanita-Design.Samorost3
2017-01-14 18:35 - 2017-01-14 18:38 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-01-10 23:50 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170110-235007.backup
2017-01-10 21:23 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170110-212324.backup
2017-01-10 20:16 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170110-201615.backup
2017-01-10 19:32 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 19:32 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 19:32 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 19:32 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 19:32 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 19:32 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 19:32 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 19:32 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 19:32 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 19:32 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 19:32 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 19:32 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 19:32 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 19:32 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 19:32 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 19:32 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 19:32 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 19:32 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 19:32 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 19:32 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 19:32 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 19:32 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 19:32 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 19:32 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 19:32 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 19:32 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 19:32 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 19:32 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 19:32 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 19:32 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 19:32 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 19:32 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 19:32 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 19:32 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 19:32 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 19:32 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 19:32 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 19:32 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 19:32 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 19:32 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 19:32 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 19:32 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 19:32 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 19:32 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 19:32 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 19:32 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 19:32 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 19:32 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 19:32 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 19:32 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 19:32 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 19:32 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 19:32 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 19:32 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 19:32 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 19:32 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 19:32 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 19:32 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 19:32 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 19:32 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 19:32 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 19:32 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 19:32 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 19:32 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 19:32 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 19:32 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 19:32 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 19:32 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 19:32 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 19:31 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 19:31 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 19:31 - 2016-12-21 08:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 19:31 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 19:31 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 19:31 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 19:31 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 19:31 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 19:31 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 19:31 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 19:31 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 19:31 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 19:31 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 19:31 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 19:31 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 19:31 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 19:31 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 19:31 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 19:31 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 19:31 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 19:31 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 19:31 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 19:31 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 19:31 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 19:31 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 19:31 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 19:31 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 19:31 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 19:31 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 19:31 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 19:31 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 19:31 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 19:31 - 2016-12-21 06:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 19:31 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 19:31 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 19:31 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 19:31 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 19:31 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 19:31 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 19:31 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 19:31 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 19:31 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 19:31 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 19:31 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 19:31 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 19:31 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 19:31 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 19:31 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 19:31 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 19:31 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 19:31 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 19:31 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 19:31 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 19:31 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 19:31 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 19:31 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 19:31 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 19:31 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 19:31 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 19:31 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 19:31 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 19:31 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 19:31 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 19:31 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 19:31 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 19:31 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 19:31 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 19:31 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 19:31 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 19:31 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 19:31 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 19:31 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 19:31 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 19:31 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 19:31 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 19:31 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 19:31 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 19:31 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 19:31 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 19:31 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 19:31 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 19:31 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 19:31 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 19:31 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 19:31 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 19:31 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 19:31 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-09 18:22 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170109-182203.backup
2017-01-07 15:05 - 2017-01-11 18:51 - 00263016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-06 19:49 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170106-194925.backup
2017-01-04 20:25 - 2017-01-04 20:25 - 00001333 _____ C:\Users\hans\Desktop\OOSU10861.exe - Verknüpfung.lnk
2017-01-04 20:21 - 2017-01-04 20:21 - 00681536 _____ (O&O Software GmbH) C:\Program Files (x86)\OOSU10861.exe
2017-01-04 18:35 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170104-183515.backup
2017-01-04 00:41 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170104-004142.backup
2017-01-04 00:40 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170104-004028.backup
2017-01-04 00:33 - 2017-01-04 00:33 - 00000000 ____D C:\Users\hans\Aufnahmen\Documents\ProcAlyzer Dumps
2017-01-04 00:27 - 2017-01-04 00:27 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-04 00:26 - 2017-01-04 00:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-04 00:26 - 2017-01-04 00:27 - 00000000 ____D C:\Program Files (x86)\SpybotSearchDestroy2
2017-01-04 00:26 - 2017-01-04 00:26 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-04 00:26 - 2017-01-04 00:26 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-01-04 00:26 - 2017-01-04 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpybotSearchDestroy2
2017-01-04 00:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-01-03 20:05 - 2017-01-03 20:05 - 00000000 ____D C:\Program Files (x86)\Chip Digital GmbH
2017-01-02 22:39 - 2017-01-02 22:39 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-02 22:38 - 2017-01-02 22:38 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Skype
2016-12-28 19:03 - 2016-12-28 19:03 - 00001189 _____ C:\Users\hans\Desktop\MediathekView.lnk
2016-12-28 19:01 - 2016-12-29 20:58 - 00000000 ____D C:\Users\hans\.mediathek3
2016-12-28 18:58 - 2016-12-28 19:03 - 00000000 ____D C:\Program Files (x86)\MediathekView12
2016-12-28 18:55 - 2017-01-02 20:18 - 00000000 ____D C:\Users\hans\AppData\Roaming\TV-Browser
2016-12-28 18:55 - 2016-12-28 18:55 - 00001989 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2016-12-28 18:55 - 2016-12-28 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV-Browser
2016-12-28 18:55 - 2016-12-28 18:55 - 00000000 ____D C:\Program Files (x86)\TV-Browser
2016-12-27 18:27 - 2017-01-11 20:37 - 00000000 ____D C:\Users\hans\Aufnahmen\Documents\BotaniculaSaves
2016-12-27 15:13 - 2016-12-27 15:13 - 00000222 _____ C:\Users\hans\Desktop\Samorost 3.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000222 _____ C:\Users\hans\Desktop\Botanicula.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000221 _____ C:\Users\hans\Desktop\Samorost 2.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000221 _____ C:\Users\hans\Desktop\Machinarium.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000000 ____D C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-27 14:34 - 2016-12-27 14:34 - 00000000 ____D C:\Users\hans\AppData\Local\Chromium
2016-12-24 15:36 - 2017-01-03 19:45 - 00016524 ____H C:\Users\Leo\AppData\Local\IconCache.db
2016-12-24 15:34 - 2017-01-02 23:10 - 00000000 ____D C:\Users\Leo\AppData\Local\ConnectedDevicesPlatform
2016-12-24 15:34 - 2016-12-24 15:34 - 00004676 __RSH C:\Users\Leo\ntuser.pol
2016-12-24 15:34 - 2016-12-24 15:34 - 00000174 ___SH C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-24 15:34 - 2016-12-24 15:34 - 00000020 ___SH C:\Users\Leo\ntuser.ini
2016-12-24 15:34 - 2016-12-24 15:34 - 00000000 ____D C:\Users\Leo\AppData\Local\Comms
2016-12-24 12:49 - 2016-12-24 12:49 - 00000000 _____ C:\Users\hans\AppData\Roaming\f0aa1a7e-4626-4653-9ccb-fec05ba6b9ce.storage
2016-12-24 12:49 - 2016-12-24 12:49 - 00000000 _____ C:\Users\hans\AppData\Roaming\5a873492-3d40-49ab-846a-bc059a202348.storage
2016-12-23 19:56 - 2016-12-23 19:56 - 11346638 _____ C:\Users\hans\Downloads\Amazon-Music-Download_2016-12-23_19-56.zip

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-21 14:17 - 2016-11-18 18:38 - 03246596 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-21 14:17 - 2016-07-16 23:51 - 01404304 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-21 14:17 - 2016-07-16 23:51 - 00361998 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-21 14:16 - 2012-07-27 20:37 - 00000000 _____ C:\WINDOWS\Path.idx
2017-01-21 14:11 - 2016-03-06 11:45 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-21 14:11 - 2012-07-27 19:31 - 01048576 _____ C:\WINDOWS\PE_Rom.dll
2017-01-21 14:10 - 2015-05-19 22:05 - 00000000 __SHD C:\Users\hans\IntelGraphicsProfiles
2017-01-21 14:09 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-21 14:09 - 2015-06-16 19:22 - 00000000 ____D C:\ProgramData\firebird
2017-01-21 14:08 - 2016-11-18 18:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-21 14:08 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-21 14:07 - 2016-11-18 18:55 - 00000008 __RSH C:\Users\hans\ntuser.pol
2017-01-21 14:07 - 2016-11-18 18:39 - 00000000 ____D C:\Users\hans
2017-01-21 14:07 - 2013-12-27 15:25 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-21 14:00 - 2016-11-18 18:39 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-20 19:04 - 2012-11-06 22:55 - 00000000 ____D C:\Users\hans\AppData\Roaming\Notepad++
2017-01-20 19:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-20 18:37 - 2016-11-18 18:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-20 18:05 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-17 19:54 - 2015-11-08 11:57 - 00000000 ____D C:\Users\hans\Aufnahmen\Documents\Registry CC_Cleaner
2017-01-16 23:54 - 2015-10-15 18:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-16 21:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-14 19:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-11 18:52 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-11 18:52 - 2015-10-23 20:52 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 18:51 - 2013-10-09 12:21 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 01:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-11 01:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-10 21:01 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 20:59 - 2013-08-16 22:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 20:57 - 2012-07-28 17:25 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-07 15:07 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Mcx1-DELFINE
2017-01-07 15:07 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Leo
2017-01-05 17:40 - 2010-11-21 04:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-04 01:47 - 2016-11-18 18:45 - 00003858 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-01-03 20:05 - 2012-07-28 16:00 - 00000000 ____D C:\Users\hans\AppData\Local\Downloaded Installations
2017-01-03 19:45 - 2016-12-03 14:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-01-03 19:45 - 2012-09-07 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-02 22:41 - 2015-12-03 19:27 - 00000000 ____D C:\Users\Leo\AppData\Local\Packages
2017-01-02 22:39 - 2016-03-06 11:43 - 00002418 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-02 22:39 - 2016-03-06 11:43 - 00000000 ___RD C:\Users\Leo\OneDrive
2017-01-02 22:38 - 2015-06-07 17:59 - 00000000 __SHD C:\Users\Leo\IntelGraphicsProfiles
2016-12-31 20:36 - 2014-01-25 15:21 - 00000000 ____D C:\Users\hans\AppData\Roaming\KeePass
2016-12-31 13:23 - 2016-12-10 13:37 - 00000000 ____D C:\ProgramData\Foxit Software
2016-12-31 13:23 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Public\Documents
2016-12-31 13:14 - 2012-07-30 21:48 - 00000000 ____D C:\Users\hans\AppData\Roaming\Foxit Software
2016-12-31 12:57 - 2012-07-28 16:00 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2016-12-28 19:03 - 2015-07-24 14:57 - 00000000 ____D C:\Users\hans\AppData\Roaming\vlc
2016-12-27 16:02 - 2016-03-06 11:57 - 00000000 ____D C:\Users\hans\AppData\Local\Steam
2016-12-27 14:32 - 2016-03-06 11:45 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk
2016-12-27 14:32 - 2016-03-06 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-24 15:42 - 2016-12-03 14:44 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-24 15:36 - 2016-11-18 18:39 - 00524288 ___SH C:\Users\Leo\NTUSER.DAT{22c1e74d-adb5-11e6-a28c-dd852ca2b43d}.TMContainer00000000000000000001.regtrans-ms
2016-12-24 15:36 - 2016-11-18 18:39 - 00065536 ___SH C:\Users\Leo\NTUSER.DAT{22c1e74d-adb5-11e6-a28c-dd852ca2b43d}.TM.blf
2016-12-24 15:36 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Leo\AppData\Local
2016-12-24 15:34 - 2016-11-18 18:39 - 00000000 ___RD C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-24 15:34 - 2015-05-03 14:21 - 00000282 ___SH C:\Users\Leo\Downloads\desktop.ini
2016-12-24 15:34 - 2015-05-03 14:21 - 00000282 ___SH C:\Users\Leo\Desktop\desktop.ini
2016-12-24 15:34 - 2015-05-03 14:21 - 00000174 ___SH C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\Searches
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\Contacts
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Videos
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Saved Games
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Pictures
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Music
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Links
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Favorites
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Downloads
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Documents
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Desktop
2016-12-23 00:13 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-22 20:53 - 2015-12-28 19:04 - 00000000 ____D C:\Users\hans\Aufnahmen\Documents\My Digital Editions

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-01-04 20:21 - 2017-01-04 20:21 - 0681536 _____ (O&O Software GmbH) C:\Program Files (x86)\OOSU10861.exe
2015-11-01 17:56 - 2015-11-01 17:56 - 0000000 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-24 12:49 - 2016-12-24 12:49 - 0000000 _____ () C:\Users\hans\AppData\Roaming\5a873492-3d40-49ab-846a-bc059a202348.storage
2015-05-25 10:28 - 2015-05-25 10:28 - 0000093 _____ () C:\Users\hans\AppData\Roaming\ARCompanion.log
2016-12-24 12:49 - 2016-12-24 12:49 - 0000000 _____ () C:\Users\hans\AppData\Roaming\f0aa1a7e-4626-4653-9ccb-fec05ba6b9ce.storage
2014-02-07 19:26 - 2014-02-07 19:26 - 0000044 _____ () C:\Users\hans\AppData\Roaming\WB.CFG
2012-09-23 14:57 - 2016-06-22 20:06 - 0012800 _____ () C:\Users\hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-29 11:00 - 2013-12-29 11:00 - 0000093 _____ () C:\Users\hans\AppData\Local\fusioncache.dat
2016-01-30 16:21 - 2016-01-30 16:47 - 0000026 _____ () C:\Users\hans\AppData\Local\isoworkshop.ini
2013-02-09 18:39 - 2013-02-09 18:40 - 0000600 _____ () C:\Users\hans\AppData\Local\PUTTY.RND
2012-07-28 01:07 - 2012-09-14 22:37 - 0007597 _____ () C:\Users\hans\AppData\Local\Resmon.ResmonCfg
2013-09-25 18:08 - 2016-01-30 16:12 - 0000085 ___SH () C:\ProgramData\.zreglib
2012-07-29 16:35 - 2012-07-29 18:52 - 0000297 _____ () C:\ProgramData\Gpu.log

Einige Dateien in TEMP:
====================
C:\Users\hans\AppData\Local\Temp\ginstall.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-01-14 18:48

==================== Ende von FRST.txt ============================
         
__________________

Alt 21.01.2017, 15:59   #4
laocoon
 
Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 - Standard

Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034



...und hier die letzte LOG (Addition):

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-01-2017
durchgeführt von hans (21-01-2017 15:20:46)
Gestartet von C:\Users\hans\Desktop
Windows 10 Pro Version 1607 (X64) (2016-11-18 17:46:59)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1412286257-1942420214-3619319362-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1412286257-1942420214-3619319362-1006 - Limited - Enabled)
DefaultAccount (S-1-5-21-1412286257-1942420214-3619319362-503 - Limited - Disabled)
Gast (S-1-5-21-1412286257-1942420214-3619319362-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1412286257-1942420214-3619319362-1004 - Limited - Enabled)
hans (S-1-5-21-1412286257-1942420214-3619319362-1000 - Administrator - Enabled) => C:\Users\hans
Leo (S-1-5-21-1412286257-1942420214-3619319362-1007 - Limited - Enabled) => C:\Users\Leo
Mcx1-DELFINE (S-1-5-21-1412286257-1942420214-3619319362-1002 - Limited - Enabled) => C:\Users\Mcx1-DELFINE

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}) (Version: 3.00.0000 - Akademische Arbeitsgemeinschaft)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.3 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.6.147 - Adobe Systems, Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.04.02 - ASUSTeK Computer Inc.)
Amazon Kindle (HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle (HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle (HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Anno 1602 (HKLM-x32\...\ANNO1602) (Version:  - )
ape@map (HKLM-x32\...\{660ACE0D-40F7-47E0-BDF2-5ED0E0293BEC}) (Version: 3.6.0 - Onyx Technologie OG)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AquaSoft DiaShow 9 Ultimate (HKLM-x32\...\AquaSoft DiaShow 9 Ultimate) (Version: 9.5.16 - AquaSoft)
ArchiCAD 16 GER (HKLM\...\001FFF2FFF16FF00FF0201F01F02F000-R1) (Version: 16.0 - GRAPHISOFT)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version:  - )
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.2.5 - ASUSTeK Computer Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
AXIS Camera Companion 3.11 (HKLM\...\{A6FE3FFD-BD70-4FD6-A436-62417F0A81EB}_is1) (Version: 3.11.001 - Axis Communications AB)
Biet-O-Matic v2.14.8 (HKLM-x32\...\Biet-O-Matic v2.14.8) (Version: 2.14.8 - BOM Development Team)
Botanicula (HKLM\...\Steam App 207690) (Version:  - Amanita Design)
calibre 64bit (HKLM\...\{D8905AF6-9F72-4BD8-BF37-51C5760B3CD5}) (Version: 2.48.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.100.14 - Citrix Systems, Inc.)
Coast Guard (HKLM-x32\...\Steam App 361200) (Version:  - Reality Twist GmbH)
Cuttermaran 1.70 (HKLM-x32\...\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}) (Version: 1.7.0 - toarnold)
Easy Photo Scan (HKLM-x32\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-225 Series Printer Uninstall (HKLM\...\EPSON XP-225 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.50.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.4.1208 - Foxit Software Inc.)
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GoGear SA4VBE Device Manager (HKLM-x32\...\{E7CA2FE9-1BDB-455D-83A3-0B0D1466EAF9}) (Version: 1.00 - Ihr Firmenname)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Network Connections 20.0.10.0 (HKLM\...\PROSetDX) (Version: 20.0.10.0 - Intel)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JONA TA1 (HKLM-x32\...\JONA TA1_is1) (Version:  - Jübermann Verlag)
Kobo (HKLM-x32\...\Kobo) (Version: 4.0.5579 - Rakuten Kobo Inc.)
LameXP v4.07 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.07 Final-1 [Build #1286] - LoRd_MuldeR <mulder2@gmx.de>)
LibreOffice 4.1 Help Pack (German) (HKLM-x32\...\{43295475-62CA-4F25-B46C-43C59258780E}) (Version: 4.1.4.2 - The Document Foundation)
LibreOffice 4.3.7.2 (HKLM-x32\...\{8ED4A1FC-56CF-414C-A9AB-A37714AA9EA7}) (Version: 4.3.7.2 - The Document Foundation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Machinarium (HKLM\...\Steam App 40700) (Version:  - Amanita Design)
Malwarebytes Version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Mediencenter 3.8.9799.6 (HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG)
Mediencenter 3.8.9799.6 (HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG)
Mediencenter 3.8.9799.6 (HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1412286257-1942420214-3619319362-1007-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141956045\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.6.0.6200 - Mozilla)
Mozilla Thunderbird 45.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.6.0 (x86 de)) (Version: 45.6.0 - Mozilla)
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2 - )
NVIDIA PhysX v8.05.26 (HKLM-x32\...\{11AE6807-50D2-4F59-82B3-2C3E695E94C2}) (Version: 8.05.26 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.2.100.14 - Citrix Systems, Inc.) Hidden
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Philips Media Convertor v1.2   (HKLM-x32\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.45 -  )
Photo Station Uploader (remove only) (HKLM-x32\...\Photo Station Uploader) (Version:  - Synology)
PHOTOfunSTUDIO 6.5 BD Edition (HKLM-x32\...\{AD5B7E20-00E1-4B7B-84DC-53F5CEFFA367}) (Version: 6.05.818 - Panasonic Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
POIbase 2.0.22 (HKLM-x32\...\POIbase_is1) (Version:  - POIbase)
Preispiraten (HKLM-x32\...\{5384EA8A-FECA-4D6E-B7B4-3D4D9D47E5DF}) (Version: 6 - metaspinner net GmbH)
Preispiraten 7 (HKLM-x32\...\{D746E113-378A-45A2-8EB0-DF00BD2454DE}) (Version: 7.1.1.0 - metaspinner net GmbH)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Republic Heroes (HKLM-x32\...\{5612C844-55BC-4B77-82C2-A2E28962418E}) (Version: 1.00.0000 - LucasArts)
Samorost 2 (HKLM\...\Steam App 40720) (Version:  - Amanita Design)
Samorost 3 (HKLM\...\Steam App 421120) (Version:  - Amanita Design)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Self-Service Plug-in (x32 Version: 4.2.100.5943 - Citrix Systems, Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 34.7.35161 - Sonos, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steuer-Ratgeber 2016-2017 (HKLM-x32\...\{2D99CB45-87EE-4834-BB15-5DD59A024E4C}) (Version: 16.11.6 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{CE23D66A-B4D8-468B-B932-41159FA54E14}) (Version: 15.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.19.11 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.11.11 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.14.99 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.42.175 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2016 (HKLM-x32\...\{D331D50C-C578-423B-8BC7-94D3133CE315}) (Version: 21.37.107 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2017  (HKLM-x32\...\{45815686-22F8-4D24-872D-E481A654B230}) (Version: 22.20.35 - Wolters Kluwer Deutschland GmbH)
SurveillancePlugin (HKLM-x32\...\{DD3D6671-165A-4823-AB2F-F73316EE0C71}) (Version: 1.0.0.934 - Synology)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
TomTom MyDrive Connect 4.1.1.2797 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.1.2797 - TomTom)
TV-Browser 3.4.4 (HKLM-x32\...\tvbrowser) (Version: 3.4.4 - TV-Browser Team)
Unity Web Player (HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
XMedia Recode Version 3.3.5.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.5.7 - XMedia Recode)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\hans\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0249BE9D-7295-48C9-8EA3-41C4636235D7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1412286257-1942420214-3619319362-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {0817A928-B064-4348-858D-6102DAB0D531} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {085E3A32-ECDB-4286-93A6-BE96375339A6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0FCEB1D2-4C5F-43A9-9BB9-189967BC4C32} - System32\Tasks\{1857F86E-A91E-42F3-98CD-513ABEF090DF} => D:\Setup\Setup.exe
Task: {1930B07F-67A5-419A-B34A-063D0A9F256C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {1C3443F6-171D-4A09-83F7-F32D1478114C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {1DB28F69-B61F-4BA9-8695-DCE839D6FF72} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {2038D09C-5622-43D7-8758-4C878C8A60D4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {2A7EAD93-6364-4194-B89C-A305D34BB5EE} - System32\Tasks\{A0932F3B-7471-4D67-857B-092DD058D72E} => msiexec.exe /package "C:\Users\hans\Downloads\MicrosoftFixit50123.msi"
Task: {2B3DAD67-1F2B-47D9-979F-D9DCCCB9DAD7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {2BB73430-C81E-4FF3-9D0A-19019A784E95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {2C49CF5F-8B53-4CC6-8DAA-D8D47C4C729B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {2C6F490F-329D-4E0D-8E9A-156FE30A0CD0} - System32\Tasks\{D9BC4299-7B8A-46FE-95D0-B0FB0F052CA8} => pcalua.exe -a C:\Users\hans\Downloads\irfanview_plugins_433_setup.exe -d C:\Users\hans\Downloads
Task: {32AE5F22-5189-4C51-9DAB-8840F5580A8A} - System32\Tasks\ASUS\i-Setup225236 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)
Task: {33135665-B856-4771-B1C0-995F02BDABFE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {33B04117-EF5A-4814-AEE4-7C88C14ADAB9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A38A368-F25C-4142-8202-17C71E472428} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-DELFINE => C:\WINDOWS\ehome\McxTask.exe
Task: {3AFE325C-F25F-4804-89C3-74D568FFB074} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1412286257-1942420214-3619319362-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3BF6D36E-AC15-4EFD-840B-EBBD5575D133} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMJMOJLMJJHMMMMJOMCNMMJMOJIMCNLMOMJJOJCNNJJJOMJMCNOJPMKMJJMJLMNMNJLMOMPMLJJNJICMIMCNGMCNNMFMGMCNOMOMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMOMPMJNHICMEKMICNJJCKJNBJCMFLAJKJNIIJJNKJCMJNNICMJNDJCMLJKJ"
Task: {3C1A87E2-487C-4F64-904B-98FA2CBD98E7} - System32\Tasks\{B2308464-6499-4ABC-929A-920DF196783A} => pcalua.exe -a C:\Users\hans\Downloads\Intel_MEI_V8001262_XPVistaWin7\setup.exe -d C:\Users\hans\Downloads\Intel_MEI_V8001262_XPVistaWin7
Task: {3D1299CA-6366-4630-9EDE-416941473940} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3D55EEDE-13C3-4151-AE28-BC0E9F25B815} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {3DE316FA-36A0-4E43-A65C-BA97CDCAD874} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {42A3DC6D-3D60-4101-8260-C4FA4D6DDA4C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {49A6CF7B-717F-46E6-9D08-BF1D4BC16702} - System32\Tasks\EPSON XP-225 Series Update {400C43AB-2E87-4983-A887-86105496B879} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {4A50958A-A184-434E-9E12-8EAC3B86D9E1} - System32\Tasks\{CD547849-DBC6-4B5E-AB12-A6920D3B22CE} => D:\Setup\Setup.exe
Task: {4A573E16-E200-4F13-A290-25BEC00FBD22} - System32\Tasks\{911A89DB-DBD8-4A27-858E-C4642650E149} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {4CF1F731-41FC-4216-B898-C521E67F32D4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {4EA532CD-77F3-47B4-9D5D-888BF06C06FB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4F94B588-442D-4357-ADF0-CF6CE0C72462} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {50C0C005-93EF-42E4-84A2-AAB670263950} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {528CABAF-43C9-4AE7-B180-3FDD73E01148} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1412286257-1942420214-3619319362-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {5297443F-2E27-4209-86E3-9315B15FBFBF} - System32\Tasks\{F321C931-35DF-4923-94CE-B26E767B491C} => D:\Setup\Setup.exe
Task: {54A56059-C42A-4057-81C8-8BCE697EC1F7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {589F8A18-086F-4C5A-A2C2-634E5BBEFC25} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {598E6758-D5FD-435E-BF77-6E4F26749D99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {5BA370C3-34A9-4DAC-8EE1-9962A0DE9E18} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {5C26B83E-986B-4626-BDD9-F77615EC0D4A} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {6492A934-A224-48E9-A4D7-66553F0C1E45} - System32\Tasks\{B50D7758-3420-49B0-8664-92A5FB1F6CC9} => pcalua.exe -a C:\Users\hans\Downloads\IRST_V11101006_XPWin7\Install\setup.exe -d C:\Users\hans\Downloads\IRST_V11101006_XPWin7\Install
Task: {64CB2651-4108-408F-A02E-13600C88F694} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {65D515D0-F153-4DE1-887E-FA3FC1B06D18} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1412286257-1942420214-3619319362-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {66DC2431-A42B-43D2-904C-518845E25722} - System32\Tasks\EPSON XP-225 Series Update {001F270C-F9BB-470F-B086-11C7F0EF0C45} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {7A9B340A-D2F3-4EE4-8817-6A6C7ABD0905} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7E7476F9-7924-4351-8879-DE143BE5C861} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {82CD644B-6699-4A98-8530-1DC3028DA2A5} - System32\Tasks\{0049431D-45DD-4925-B4D3-C8F7996C2C5F} => D:\Setup\Setup.exe
Task: {887D0F05-A015-462B-899F-00230E3D665E} - System32\Tasks\EPSON XP-225 Series Update {8E8C44D1-647B-4702-87C3-50BD8D890228} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {8CDC8717-D6E5-4E71-939C-26AD26E5716C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1412286257-1942420214-3619319362-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {8D1A707C-742F-43D1-9B39-61D39A92946A} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-03-06] (ASUSTeK Computer Inc.)
Task: {8FA53CBD-4278-4AF4-9E4C-A027261C9FE7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {987D7137-1BB0-4471-85DE-80DDD02C91C3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {990ADD2E-3761-41EE-B369-18BB4398F8D9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9BAA51D7-1BB0-4978-A852-2C7ECD84B6E6} - System32\Tasks\EPSON XP-225 Series Update {D4D7AC37-2892-4C94-87B6-70E2D581C285} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {9D62EB8A-EE4B-4AED-A74F-2188219A43B0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A0F66942-84FE-4673-82C9-330DF19BF862} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\SpybotSearchDestroy2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {A54BDE5D-A31F-4891-9B21-B7070CA3E40C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A55FB450-1D64-42B4-8762-0C696CB4B384} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\hans\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {AE7FC220-2C08-4928-9F1A-A9D80A9F21ED} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe [2012-04-19] (ASUSTeK Computer Inc.)
Task: {B6A1F721-876D-41AD-9C0B-30D2B79446FA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\SpybotSearchDestroy2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B71C4802-D847-40F6-BEEA-AC0CDA6DA5FC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {BB07BFF0-CE0F-46FC-B250-22BDD6033EF1} - System32\Tasks\{BFA096D1-2D1E-4E62-A764-91FA3BAB5A2B} => D:\Setup\Setup.exe
Task: {C183258E-D8AC-400E-9B40-61EA48128590} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C307EB96-F435-4A95-8D4D-C02C361D0E44} - System32\Tasks\ASUS\i-Setup204402 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)
Task: {C41353BE-8F62-4E96-9B38-1BF1856EB93D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {C41DF22E-22E0-423D-BC74-FB1E2D81E455} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C5319865-C6CC-4B39-8C63-6EAA72C05F28} - System32\Tasks\{125039C6-08E7-4D3A-B032-A1C55F876595} => pcalua.exe -a C:\Users\hans\Downloads\Intel_USB3_V104225_Win7\Intel\SetupUSB3_Dell.exe -d C:\Users\hans\Downloads\Intel_USB3_V104225_Win7\Intel
Task: {CD9C0807-169B-4A49-BD91-F4F0B80165EA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E1518AFD-7206-4F48-8036-5443ACAF7C7B} - System32\Tasks\{7E7A9016-FAAC-4DA4-8547-F849B4804155} => D:\Setup\Setup.exe
Task: {E23AFAFC-35F8-4B25-9586-ED2C1030F76D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {E2C1F8A8-B6FD-4C06-8EF6-84D63F4BA583} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {EF4C2A81-37BA-424D-A992-D95965244269} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F1426AEF-C1DF-42BE-9061-5FA83A524639} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FD23DDF3-51C0-45CC-A8B6-C52977A7CC8C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FEB5880F-C3AC-4C5A-9B81-7315BA6F9CA2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-225 Series Update {001F270C-F9BB-470F-B086-11C7F0EF0C45}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE :/EXE:{001F270C-F9BB-470F-B086-11C7F0EF0C45} /F:Update  WORKGROUP\DELFINE$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-225 Series Update {400C43AB-2E87-4983-A887-86105496B879}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE :/EXE:{400C43AB-2E87-4983-A887-86105496B879} /F:Update  WORKGROUP\DELFINE$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-225 Series Update {8E8C44D1-647B-4702-87C3-50BD8D890228}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE :/EXE:{8E8C44D1-647B-4702-87C3-50BD8D890228} /F:Update  SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-225 Series Update {D4D7AC37-2892-4C94-87B6-70E2D581C285}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE :/EXE:{D4D7AC37-2892-4C94-87B6-70E2D581C285} /F:Update  WORKGROUP\DELFINE$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-15 18:13 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-07-28 20:23 - 2012-07-28 20:23 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-05-11 08:12 - 2015-05-11 08:12 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2016-12-15 18:13 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-18 18:57 - 2016-11-18 18:57 - 01864384 _____ () C:\Users\hans\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2014-11-25 04:22 - 2014-11-25 04:22 - 00035328 _____ () C:\Program Files (x86)\Synology\Photo Station Uploader\ShellExtHandler.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2016-11-18 18:31 - 2016-11-18 18:31 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 19:31 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 19:31 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 19:31 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 19:31 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 19:31 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 19:31 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-28 20:23 - 2017-01-21 14:08 - 00031232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2012-07-28 20:23 - 2010-06-29 09:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2017-01-04 00:26 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\SpybotSearchDestroy2\snlThirdParty150.bpl
2017-01-04 00:26 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\SpybotSearchDestroy2\snlFileFormats150.bpl
2017-01-04 00:26 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\SpybotSearchDestroy2\DEC150.bpl
2017-01-04 00:26 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\SpybotSearchDestroy2\sqlite3.dll
2017-01-04 00:26 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\SpybotSearchDestroy2\av\BDSmartDB.dll
2012-07-27 22:18 - 2012-02-01 15:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\apemap.com -> hxxp://apemap.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\europacasino.com -> www.europacasino.com
IE trusted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\apemap.com -> hxxp://apemap.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\europacasino.com -> www.europacasino.com
IE trusted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\apemap.com -> hxxp://apemap.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\europacasino.com -> www.europacasino.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141955985\...\europacasino.com -> www.europacasino.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2017-01-21 15:10 - 00000938 ____R C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205696\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413404\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205717\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413426\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\Control Panel\Desktop\\Wallpaper -> C:\Users\hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\Control Panel\Desktop\\Wallpaper -> C:\Users\hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1412286257-1942420214-3619319362-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141955985\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141956045\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-01212017141956158\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.5 BD Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 6.5 BD Edition.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^hans^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter.lnk => C:\Windows\pss\Mediencenter.lnk.Startup
MSCONFIG\startupfolder: C:^Users^hans^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Persbackup.lnk => C:\Windows\pss\Persbackup.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Greenshot => C:\Program Files (x86)\Greenshot\Greenshot.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Plugin Install => C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\...\StartupApproved\StartupFolder: => "phase-6 Reminder.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Philips GoGear SA4VBE Device Manager.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "AXIS Camera Management Service Control"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "ASUS WiFi GO! FileTransfer Execute"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Plugin Install"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "Xvid"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "MyDriveConnect.exe"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\StartupApproved\Run: => "Xvid"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142205740\...\StartupApproved\Run: => "MyDriveConnect.exe"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\StartupApproved\Run: => "Xvid"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017142413452\...\StartupApproved\Run: => "MyDriveConnect.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{CFEA598E-2120-49BD-96EB-F0797B9EA7C8}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4C965A15-EEDE-47E3-BE20-17D816B75B7D}] => C:\Program Files (x86)\Steam\SteamApps\common\Coast Guard\Coastguard_1.0.6_PC.exe
FirewallRules: [{CDB0D96B-E705-4D90-B5EF-A1D1D9C3F3C8}] => C:\Program Files (x86)\Steam\SteamApps\common\Coast Guard\Coastguard_1.0.6_PC.exe
FirewallRules: [{2858D5BA-5A6B-4521-9837-907FE731E845}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6C0E01C2-82D4-4630-A346-D494D4BF9859}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B8A98421-2E17-48BF-9044-D9A72C76753B}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3B9808A-18A2-4000-AA9E-10377986AFF5}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{3BC405A3-DBD1-4A99-A6E1-25BB589F47F5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{18FCC2DF-3675-435F-8C2F-AFC180AA8F9A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{6BD828FC-85B2-48F2-B7AC-C1D03ABE92F7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{B62BDB5D-59B9-49C2-A061-4660A76E4190}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{76EB755A-C217-43B9-AB97-AB3CC5E71743}] => C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{CCE6530F-DE47-4769-A10D-27A7540B991E}] => C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D12CF48D-EBD2-46CC-8155-9AA00557844B}] => D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{4E668EC6-B1DC-409C-BECA-8124D618E1CF}] => D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{00B2002E-FA13-4754-A981-7DB171C676DE}] => C:\Program Files (x86)\LucasArts\Republic Heroes\Republic Heroes.exe
FirewallRules: [{C87FC343-DCCB-4E95-ABDF-5572E80780C3}] => C:\Program Files (x86)\LucasArts\Republic Heroes\Republic Heroes.exe
FirewallRules: [UDP Query User{0FDA4A02-B43E-408F-8E26-AF9624B0F30C}E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{2ABA1A74-557F-4E81-9D5B-1B1401564B2A}E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6C4922AE-E233-419B-8DBC-4B815F3876A3}] => C:\program files\axis communications\axis camera companion\cameracompanion.exe
FirewallRules: [{93C98DA4-0F4C-4BD2-B7D0-6602A4343BA2}] => C:\program files\axis communications\axis camera companion\cameracompanion.exe
FirewallRules: [UDP Query User{4D5F1667-5107-42B2-BB47-7504A4EEA166}C:\program files\axis communications\axis camera companion\cameracompanion.exe] => C:\program files\axis communications\axis camera companion\cameracompanion.exe
FirewallRules: [TCP Query User{B0D1AADC-A38C-4367-812B-4FA7F451D03E}C:\program files\axis communications\axis camera companion\cameracompanion.exe] => C:\program files\axis communications\axis camera companion\cameracompanion.exe
FirewallRules: [{BBA8BB8A-8C56-4186-9A17-F58B679B9330}] => LPort=55762
FirewallRules: [{128173FE-022E-49B3-9230-2BFE75578837}] => LPort=55762
FirewallRules: [{19740856-4ABF-4673-8D95-B8CE1E14596E}] => C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe
FirewallRules: [{694695CC-2D3C-44C4-A20E-857210FD5B05}] => C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe
FirewallRules: [{F78A78E0-6842-4FD1-846E-1055ACEDEC28}] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{1D3E53FC-FEB1-4D76-9B5F-CAF7D29BDD58}] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{4A85EC4E-CA2A-477B-8209-123E1A2CC477}] => C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{9B8F944B-779C-4D7C-B60C-E4430C7B1B2E}] => C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{AC68BF19-DDD2-4BD0-B8AF-3D5707C8AAEB}] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{ADA90A78-3D5E-48AF-9773-270DF8CFEA51}] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{02D5DF53-C1B5-4179-9EE3-27F6898D6A5E}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{4EF02AFA-1136-41A6-BB32-936CCCB422B5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{31B3ED73-72C6-46DC-83B1-8F0B0CB048EB}] => LPort=55762
FirewallRules: [{D2DC905A-8E48-495B-AC17-4137F8F6261A}] => C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe
FirewallRules: [{F3E053F5-4F0D-4034-976F-8B8C5853734C}] => C:\program files\axis\iputility_4_03\iputility.exe
FirewallRules: [{798B26A8-9282-4DBD-88FC-B040746D94C9}] => C:\program files\axis\iputility_4_03\iputility.exe
FirewallRules: [UDP Query User{6E780017-A414-4393-9EB7-13B2FA88FC63}C:\program files\axis\iputility_4_03\iputility.exe] => C:\program files\axis\iputility_4_03\iputility.exe
FirewallRules: [TCP Query User{82D02BC4-776E-4E18-8177-14D2745B15D1}C:\program files\axis\iputility_4_03\iputility.exe] => C:\program files\axis\iputility_4_03\iputility.exe
FirewallRules: [UDP Query User{5BBB9608-DEB7-435C-9370-DBC64EF5650F}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [TCP Query User{C7859D18-786F-4F43-A999-E718E3BC0598}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [{81942376-FD3B-4197-A5A3-89CB0984D46C}] => C:\Program Files\GRAPHISOFT\ArchiCAD 16\GSQuickTimeServer\GSQTServer.exe
FirewallRules: [{9B131A22-6841-44D8-89CE-39BA585B3BE3}] => C:\Program Files\GRAPHISOFT\ArchiCAD 16\GSQuickTimeServer\GSQTServer.exe
FirewallRules: [{23C8C8A9-FC95-4C51-8F3C-E3CDB09152D9}] => C:\Program Files\GRAPHISOFT\ArchiCAD 16\ArchiCAD.exe
FirewallRules: [{1B92B901-0E0B-4D9A-A645-E4ECE9540FC7}] => C:\Program Files\GRAPHISOFT\ArchiCAD 16\ArchiCAD.exe
FirewallRules: [UDP Query User{2B527D4A-0979-457F-B058-075015E17305}C:\program files (x86)\synology\assistant\dsassistant.exe] => C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{105EAD33-28FC-4C63-B822-AB44F05655DE}C:\program files (x86)\synology\assistant\dsassistant.exe] => C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{75ED169F-8DB5-4722-AE89-62FBBE854CFC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1D998D3D-8223-4636-8E86-93BB795A5251}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{58C69C3A-61EA-4304-B4AE-22645655BCFC}C:\program files (x86)\libreoffice 4\program\soffice.bin] => C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{865866B1-1E9C-4956-8759-D34CFC12010C}C:\program files (x86)\libreoffice 4\program\soffice.bin] => C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{9D3AAA88-B102-4C34-933E-DB87929112D2}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\x86\FarmingSimulator2013Game.exe
FirewallRules: [{929A6AAF-167E-43A7-A3EC-32CBABCBB555}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\x86\FarmingSimulator2013Game.exe
FirewallRules: [{7DFC10B0-0681-458B-A43D-EC50AF205D70}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\x64\FarmingSimulator2013Game.exe
FirewallRules: [{C6C41DC4-E8DF-4325-BE97-2E0A13C61E8B}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\x64\FarmingSimulator2013Game.exe
FirewallRules: [UDP Query User{9863F51A-9F33-4EED-947B-48DD508D4AE0}C:\program files (x86)\axis ip utility\iputility.exe] => C:\program files (x86)\axis ip utility\iputility.exe
FirewallRules: [TCP Query User{1B25536D-2C58-4612-9D5B-DB592E4A2180}C:\program files (x86)\axis ip utility\iputility.exe] => C:\program files (x86)\axis ip utility\iputility.exe
FirewallRules: [{26662F94-2CB6-4FC1-988F-6C1E507975F9}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{58C41409-AD2A-4345-949A-ADFA74409CDE}C:\program files (x86)\libreoffice 4\program\soffice.bin] => C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{B3C179A6-A120-4F10-AF01-6CD611E51EE1}C:\program files (x86)\libreoffice 4\program\soffice.bin] => C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{88ECABB1-1106-4C1E-9FAF-C87FFD18161C}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{52FBE9EE-8381-4817-A952-EDBB6F370CB6}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{4502015C-A434-41EE-95D7-A2D838B57A90}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [UDP Query User{DEEED9A7-9523-49B8-9244-507870026302}C:\program files (x86)\sonos\sonos.exe] => C:\program files (x86)\sonos\sonos.exe
FirewallRules: [TCP Query User{09E65D64-70E4-41AA-952F-986512849EE9}C:\program files (x86)\sonos\sonos.exe] => C:\program files (x86)\sonos\sonos.exe
FirewallRules: [{85A002EC-2129-446E-9994-A0648882749F}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{1F925845-E9BC-4367-8DB7-A17DF3158B6E}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{95E3DF19-75C5-4910-8600-E54DB2BA14B2}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{CF5845A4-DA21-4D17-A082-7784FF2BAC3F}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [UDP Query User{5792E9B3-FFB7-4B7F-A380-AF689C88A395}C:\program files (x86)\sonos\sonos.exe] => C:\program files (x86)\sonos\sonos.exe
FirewallRules: [TCP Query User{7A221A22-8A8D-4140-9606-39CC99A01605}C:\program files (x86)\sonos\sonos.exe] => C:\program files (x86)\sonos\sonos.exe
FirewallRules: [{A26F450C-21E8-4DF8-8B62-70CB5E7E4567}] => LPort=1900
FirewallRules: [{34CC79E2-F383-4D87-8818-547E8D7F0200}] => LPort=2869
FirewallRules: [{D2DE30F6-F42D-42E8-B0D2-219826D24BB4}] => LPort=1900
FirewallRules: [{2CF937F4-5179-463C-AAEE-1F112CC58FF4}] => LPort=2869
FirewallRules: [{3E60C3E3-7427-4A42-A9A8-AF7054B81E72}] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{1F0D96FB-7BEB-4845-9196-91D7E06FE233}] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{1CDE3F3E-E8DA-4ED0-8D19-D71C70B58D15}] => C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{5CCCE6DC-E887-4C7F-B150-29019F842CDF}] => C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{F91DF143-BBF6-4B90-B3A4-7FEA128BD50E}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{E7FF8417-CAFF-4360-8B34-DA3705F1E73A}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{3CA283B0-2D1B-413D-B14C-2580B98122D6}C:\program files (x86)\lucasarts\republic heroes\republic heroes.exe] => C:\program files (x86)\lucasarts\republic heroes\republic heroes.exe
FirewallRules: [UDP Query User{D3AC3942-8448-4305-97FE-331E2A7BC1C4}C:\program files (x86)\lucasarts\republic heroes\republic heroes.exe] => C:\program files (x86)\lucasarts\republic heroes\republic heroes.exe
FirewallRules: [{05D4D977-A8CC-4B50-9A90-756CF1B3AB2B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21F58B97-C510-47B5-BD53-239CE0F71F4B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4283E0B8-392A-4FB4-B295-106215253441}C:\program files\calibre2\calibre.exe] => C:\program files\calibre2\calibre.exe
FirewallRules: [UDP Query User{BF3696CE-3FA7-49E5-833A-4D86A657822D}C:\program files\calibre2\calibre.exe] => C:\program files\calibre2\calibre.exe
FirewallRules: [{FF63FAD8-D474-44A4-AA51-F58A42C00306}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DCC98276-F24F-448D-9EC9-620155D7A640}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{557627F4-27F5-49D6-9119-312F7D3128BE}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{64738188-1200-4C95-99BD-2C40DCB9EF65}] => C:\Program Files (x86)\Steam\SteamApps\common\Samorost 3\Samorost3.exe
FirewallRules: [{AF2E70D4-7865-4CBA-BD8B-7AD73130B938}] => C:\Program Files (x86)\Steam\SteamApps\common\Samorost 3\Samorost3.exe
FirewallRules: [{B32E2895-40E5-48D9-9186-86446853A75F}] => C:\Program Files (x86)\Steam\SteamApps\common\Samorost 2\Samorost2.exe
FirewallRules: [{3B668DD2-CADE-4143-A9CA-3AF1CDFE4C19}] => C:\Program Files (x86)\Steam\SteamApps\common\Samorost 2\Samorost2.exe
FirewallRules: [{ECE267E4-302C-42FB-B7E1-8AE558BA20BF}] => C:\Program Files (x86)\Steam\SteamApps\common\Machinarium\machinarium.exe
FirewallRules: [{0B884826-CB58-484E-AF4E-313A7A6CD39E}] => C:\Program Files (x86)\Steam\SteamApps\common\Machinarium\machinarium.exe
FirewallRules: [{4816642A-ADD8-4A47-A5CC-2A3122BB21CE}] => C:\Program Files (x86)\Steam\SteamApps\common\Botanicula\Botanicula.exe
FirewallRules: [{695EE251-1EB8-40B9-8AEB-88C571A80838}] => C:\Program Files (x86)\Steam\SteamApps\common\Botanicula\Botanicula.exe
FirewallRules: [{A37D5FA7-A129-4D8F-8732-97DDD989548A}] => C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{2ABE9ADD-AAEF-460D-9301-037298C09095}] => C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{DD2F7BE4-70B6-470D-ABB3-231089F1CF88}] => C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{CD16978F-0136-4BB0-B654-0B9EC1F81C71}] => C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{AEB41CB8-6BAB-4D98-883D-F9767B833EB5}] => C:\Program Files (x86)\Java\jre1.8.0_101\bin\java.exe
FirewallRules: [{5BFE816A-70B4-4D79-A040-59B116D149C8}] => C:\Program Files (x86)\Java\jre1.8.0_101\bin\java.exe
FirewallRules: [{57CD24E7-7BC5-48A0-9C88-57C46915E449}] => C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{830A058F-2F77-4DB3-9E7D-05F42BF255A0}] => C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpybotSearchDestroy2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpybotSearchDestroy2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

19-01-2017 21:16:22 Geplanter Prüfpunkt
21-01-2017 15:14:41 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/21/2017 03:14:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/21/2017 02:15:41 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DELFINE)
Description: 7.488: Der EFS-DienstÂ*konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (01/21/2017 12:23:57 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DELFINE)
Description: 7.488: Der EFS-DienstÂ*konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (01/20/2017 06:42:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (01/20/2017 07:31:31 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (12536) Der Versuch, die Datei "C:\Users\hans\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (01/19/2017 09:16:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/19/2017 06:34:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (01/19/2017 06:17:48 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DELFINE)
Description: 7.488: Der EFS-DienstÂ*konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (01/17/2017 08:04:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (01/17/2017 07:50:52 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DELFINE)
Description: 7.488: Der EFS-DienstÂ*konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.


Systemfehler:
=============
Error: (01/21/2017 02:22:59 PM) (Source: DCOM) (EventID: 10010) (User: DELFINE)
Description: Der Server "{37998346-3765-45B1-8C66-AA88CA6B20B8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/21/2017 02:20:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: 
Unbekannter Fehler

Error: (01/21/2017 02:20:59 PM) (Source: DCOM) (EventID: 10010) (User: DELFINE)
Description: Der Server "{37998346-3765-45B1-8C66-AA88CA6B20B8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/21/2017 02:18:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: 
Unbekannter Fehler

Error: (01/21/2017 02:12:58 PM) (Source: DCOM) (EventID: 10010) (User: DELFINE)
Description: Der Server "{37998346-3765-45B1-8C66-AA88CA6B20B8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/21/2017 02:11:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: 
Unbekannter Fehler

Error: (01/21/2017 02:10:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: 
Unbekannter Fehler

Error: (01/21/2017 02:10:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/21/2017 02:08:59 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (01/21/2017 02:08:59 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0


CodeIntegrity:
===================================
  Date: 2017-01-15 19:41:51.878
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.850
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.793
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.765
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.738
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.647
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.560
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 16067.15 MB
Verfügbarer physikalischer RAM: 13165.4 MB
Summe virtueller Speicher: 32451.15 MB
Verfügbarer virtueller Speicher: 29071.05 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:214.14 GB) (Free:82.67 GB) NTFS
Drive e: () (Removable) (Total:59.61 GB) (Free:46.66 GB) FAT32
Drive x: (Volume) (Fixed) (Total:931.39 GB) (Free:418.82 GB) NTFS
Drive y: (Volume) (Fixed) (Total:931.39 GB) (Free:280.24 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 85B79A05)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 85B79A0A)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 2106B09D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=214.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 8 (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
Hallo Matthias,
...als Zusatzinfo wären ev. noch folgende Angaben von Interesse:

Als "Schutzprogramme" habe ich bei mir laufen
- die Windows-Firewall
- Windows-Defender
- Avira free Antivirus
- Spybot Search and Destroy, freeware

Das ist wahrscheinlich in einigen Punkten suboptimales Doppelgemoppel.
Und Avira sowie SS&D werden ja auch kritisiert...
Was wäre denn annähernd ok? Vor lauter Tipps und "Panikmache" installiert unsereins ja doch einfach so drauf los ;>)
VG

Alt 21.01.2017, 21:01   #5
M-K-D-B
/// TB-Ausbilder
 
Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 - Standard

Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034



Servus,






wir entfernen die letzten Reste und kontrollieren nochmal alles.



Hinweis: Der Suchlauf mit ESET kann länger dauern.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
Task: {0817A928-B064-4348-858D-6102DAB0D531} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {0FCEB1D2-4C5F-43A9-9BB9-189967BC4C32} - System32\Tasks\{1857F86E-A91E-42F3-98CD-513ABEF090DF} => D:\Setup\Setup.exe
Task: {1930B07F-67A5-419A-B34A-063D0A9F256C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {1C3443F6-171D-4A09-83F7-F32D1478114C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {2C49CF5F-8B53-4CC6-8DAA-D8D47C4C729B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {4A50958A-A184-434E-9E12-8EAC3B86D9E1} - System32\Tasks\{CD547849-DBC6-4B5E-AB12-A6920D3B22CE} => D:\Setup\Setup.exe
Task: {4A573E16-E200-4F13-A290-25BEC00FBD22} - System32\Tasks\{911A89DB-DBD8-4A27-858E-C4642650E149} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {4CF1F731-41FC-4216-B898-C521E67F32D4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {8FA53CBD-4278-4AF4-9E4C-A027261C9FE7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {BB07BFF0-CE0F-46FC-B250-22BDD6033EF1} - System32\Tasks\{BFA096D1-2D1E-4E62-A764-91FA3BAB5A2B} => D:\Setup\Setup.exe
Task: {E1518AFD-7206-4F48-8036-5443ACAF7C7B} - System32\Tasks\{7E7A9016-FAAC-4DA4-8547-F849B4804155} => D:\Setup\Setup.exe
Task: {FEB5880F-C3AC-4C5A-9B81-7315BA6F9CA2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
FirewallRules: [{A37D5FA7-A129-4D8F-8732-97DDD989548A}] => C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{2ABE9ADD-AAEF-460D-9301-037298C09095}] => C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{DD2F7BE4-70B6-470D-ABB3-231089F1CF88}] => C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{CD16978F-0136-4BB0-B654-0B9EC1F81C71}] => C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von HitmanPro,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.

__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 22.01.2017, 13:23   #6
laocoon
 
Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 - Standard

Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034



Hallo Matthias,

vorweg: Der Rechner scheint wie zuvor ganz normal zu laufen.
Anlass, Euch um Hilfe zu bitten, waren die genannten Meldungen von Avira mit den (bisher inaktiven?) 5 Trojanern (innerhalb von Backup-Zip-Dateien in ungeöffneten Mail-Anhängen versteckt; soweit ich das beurteilen kann).
Bin gespannt auf Deine Einschätzung.

Anbei wie gewünscht die Log-Dateien.
Das Addition-Log schicke ich wg. deren Größe gesondert.

von FRST-Fix:

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-01-2017
durchgeführt von Joerg (21-01-2017 22:02:56) Run:1
Gestartet von C:\Users\Joerg\Desktop
Geladene Profile: Joerg & Mcx1-DELFINE & Leo &  (Verfügbare Profile: Joerg & Mcx1-DELFINE & Leo & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
Task: {0817A928-B064-4348-858D-6102DAB0D531} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {0FCEB1D2-4C5F-43A9-9BB9-189967BC4C32} - System32\Tasks\{1857F86E-A91E-42F3-98CD-513ABEF090DF} => D:\Setup\Setup.exe
Task: {1930B07F-67A5-419A-B34A-063D0A9F256C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {1C3443F6-171D-4A09-83F7-F32D1478114C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {2C49CF5F-8B53-4CC6-8DAA-D8D47C4C729B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {4A50958A-A184-434E-9E12-8EAC3B86D9E1} - System32\Tasks\{CD547849-DBC6-4B5E-AB12-A6920D3B22CE} => D:\Setup\Setup.exe
Task: {4A573E16-E200-4F13-A290-25BEC00FBD22} - System32\Tasks\{911A89DB-DBD8-4A27-858E-C4642650E149} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {4CF1F731-41FC-4216-B898-C521E67F32D4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {8FA53CBD-4278-4AF4-9E4C-A027261C9FE7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {BB07BFF0-CE0F-46FC-B250-22BDD6033EF1} - System32\Tasks\{BFA096D1-2D1E-4E62-A764-91FA3BAB5A2B} => D:\Setup\Setup.exe
Task: {E1518AFD-7206-4F48-8036-5443ACAF7C7B} - System32\Tasks\{7E7A9016-FAAC-4DA4-8547-F849B4804155} => D:\Setup\Setup.exe
Task: {FEB5880F-C3AC-4C5A-9B81-7315BA6F9CA2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
FirewallRules: [{A37D5FA7-A129-4D8F-8732-97DDD989548A}] => C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{2ABE9ADD-AAEF-460D-9301-037298C09095}] => C:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{DD2F7BE4-70B6-470D-ABB3-231089F1CF88}] => C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{CD16978F-0136-4BB0-B654-0B9EC1F81C71}] => C:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************

Prozesse erfolgreich geschlossen.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0817A928-B064-4348-858D-6102DAB0D531} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0817A928-B064-4348-858D-6102DAB0D531} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FCEB1D2-4C5F-43A9-9BB9-189967BC4C32} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FCEB1D2-4C5F-43A9-9BB9-189967BC4C32} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\{1857F86E-A91E-42F3-98CD-513ABEF090DF} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1857F86E-A91E-42F3-98CD-513ABEF090DF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1930B07F-67A5-419A-B34A-063D0A9F256C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1930B07F-67A5-419A-B34A-063D0A9F256C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C3443F6-171D-4A09-83F7-F32D1478114C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C3443F6-171D-4A09-83F7-F32D1478114C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C49CF5F-8B53-4CC6-8DAA-D8D47C4C729B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C49CF5F-8B53-4CC6-8DAA-D8D47C4C729B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A50958A-A184-434E-9E12-8EAC3B86D9E1} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A50958A-A184-434E-9E12-8EAC3B86D9E1} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\{CD547849-DBC6-4B5E-AB12-A6920D3B22CE} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD547849-DBC6-4B5E-AB12-A6920D3B22CE} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A573E16-E200-4F13-A290-25BEC00FBD22} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A573E16-E200-4F13-A290-25BEC00FBD22} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\{911A89DB-DBD8-4A27-858E-C4642650E149} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{911A89DB-DBD8-4A27-858E-C4642650E149} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4CF1F731-41FC-4216-B898-C521E67F32D4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CF1F731-41FC-4216-B898-C521E67F32D4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FA53CBD-4278-4AF4-9E4C-A027261C9FE7} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FA53CBD-4278-4AF4-9E4C-A027261C9FE7} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB07BFF0-CE0F-46FC-B250-22BDD6033EF1} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB07BFF0-CE0F-46FC-B250-22BDD6033EF1} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\{BFA096D1-2D1E-4E62-A764-91FA3BAB5A2B} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BFA096D1-2D1E-4E62-A764-91FA3BAB5A2B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1518AFD-7206-4F48-8036-5443ACAF7C7B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1518AFD-7206-4F48-8036-5443ACAF7C7B} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\{7E7A9016-FAAC-4DA4-8547-F849B4804155} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E7A9016-FAAC-4DA4-8547-F849B4804155} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEB5880F-C3AC-4C5A-9B81-7315BA6F9CA2} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEB5880F-C3AC-4C5A-9B81-7315BA6F9CA2} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => Schlüssel erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A37D5FA7-A129-4D8F-8732-97DDD989548A} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2ABE9ADD-AAEF-460D-9301-037298C09095} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD2F7BE4-70B6-470D-ABB3-231089F1CF88} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD16978F-0136-4BB0-B654-0B9EC1F81C71} => Wert erfolgreich entfernt

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017161819861\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017161819861\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017162626746\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212017162626746\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 1685408 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68328370 B
Java, Flash, Steam htmlcache => 6895200 B
Windows/system/drivers => 101408 B
Edge => 0 B
Chrome => 447488 B
Firefox => 83147333 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6168 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 29578 B
NetworkService => 21576 B
Joerg => 32228505 B
Mcx1-DELFINE => 1853 B
Leo => 22213893 B
DefaultAppPool => 6168 B

RecycleBin => 3542786 B
EmptyTemp: => 208.5 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 22:03:09 ====
         

von ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d56c86f0591b834a986f85ce93a9e3ca
# end=init
# utc_time=2017-01-21 09:10:59
# local_time=2017-01-21 10:10:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 32144
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d56c86f0591b834a986f85ce93a9e3ca
# end=updated
# utc_time=2017-01-21 09:15:32
# local_time=2017-01-21 10:15:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d56c86f0591b834a986f85ce93a9e3ca
# engine=32144
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-01-22 10:27:45
# local_time=2017-01-22 11:27:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 97 68570 77579810 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 76723 16411481 0 0
# scanned=487166
# found=0
# cleaned=0
# scan_time=47532
         

von HitmanPro:

Code:
ATTFilter
Code:
ATTFilter
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : DELFINE
   Windows . . . . . . . : 10.0.0.14393.X64/8
   User name . . . . . . : DELFINE\Joerg
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-01-22 12:35:14
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 38s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 4

   Objects scanned . . . : 2.782.921
   Files scanned . . . . : 92.016
   Remnants scanned  . . : 736.024 files / 1.954.881 keys

Suspicious files ____________________________________________________________

   C:\Users\Joerg\Desktop\FRST64.exe
      Size . . . . . . . : 2.419.712 bytes
      Age  . . . . . . . : 1.7 days (2017-01-20 19:23:12)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A6F5705974D580CD90356F383715E682E824FFE3E81E121AA97181C7CD7414AC
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
         

FRST von FRST:

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
durchgeführt von Joerg (Administrator) auf DELFINE (22-01-2017 12:41:48)
Gestartet von C:\Users\Joerg\Desktop
Geladene Profile: Joerg & Mcx1-DELFINE & Leo & DefaultAppPool (Verfügbare Profile: Joerg & Mcx1-DELFINE & Leo & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
(Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
(Axis Communications AB) C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdSvc.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\SpybotSearchDestroy2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Dominik Reichl) E:\KeePass-2.35\KeePass.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1376896 2012-04-12] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AXIS Camera Management Service Control] => C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmAdmin.exe [1834160 2015-05-08] (Axis Communications AB)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Plugin Install] => C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe [86016 2016-04-05] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\SpybotSearchDestroy2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\SpybotSearchDestroy2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\RunOnce: [Uninstall 17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Leo\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\RunOnce: [Uninstall 17.3.6381.0405] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Leo\AppData\Local\Microsoft\OneDrive\17.3.6381.0405"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2014-02-03]
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear SA4VBE Device Manager.lnk [2013-06-14]
ShortcutTarget: Philips GoGear SA4VBE Device Manager.lnk -> C:\Program Files (x86)\Philips\GoGear SA4VBE Device Manager\GoGear_SA4VBE_DeviceManager.exe (Philips)
Startup: C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk [2012-07-27]
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{280df009-71d1-45e6-bca3-de9ca51bc6ef}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ec71dbf0-98cf-4b04-8ee2-cceb81b9b1a9}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms}
SearchScopes: HKLM-x32 -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000 -> {1F0C0E4A-72C8-4560-9612-27AD083921F1} URL = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000 -> {47F43F50-68E2-4F28-B949-26EE0EC9C505} URL = hxxp://www.buyertools.net/cgi-bin/preispiraten_de/nph.fcgi?qry_str={searchTerms}&category=deutsch&how=and&searchtype=simple&Web=on&wiki_tab=on&wiki_tab_old=+CHECKED&ebay_tab=on&ebay_tab_old=+CHECKED&shoppingcom_tab=on&shoppingcom_tab_old=+CHECKED&pirat_tab=on&pirat_tab_old=+CHECKED&JavaScript=enabled&submit=SUCHEN
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Joerg\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default [2017-01-21]
FF Extension: (Philips GoGear Device Manager) - C:\Users\Joerg\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\gogear@songbirdnest.com [2013-06-11] [ist nicht signiert]
FF Extension: (German (de) Language Pack) - C:\Users\Joerg\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\langpack-de@songbirdnest.com [2013-06-11] [ist nicht signiert]
FF Extension: (MSC Device Support) - C:\Users\Joerg\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\msc@songbirdnest.com [2013-06-11] [ist nicht signiert]
FF Extension: (MTP Device Support) - C:\Users\Joerg\AppData\Roaming\Songbird2\Profiles\f8yv4x3u.default\Extensions\mtp@songbirdnest.com [2013-06-11] [ist nicht signiert]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com [nicht gefunden]
FF ProfilePath: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default [2017-01-22]
FF Homepage: Mozilla\Firefox\Profiles\cnn104yu.default -> hxxp://www.google.de
FF Extension: (Avira Browser Safety) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\abs@avira.com.xpi [2017-01-21]
FF Extension: (Brief) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\brief@mozdev.org.xpi [2016-06-12]
FF Extension: (Clipple) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\clipple@mooz.github.com.xpi [2016-02-17]
FF Extension: (ProxTube) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\ich@maltegoetz.de.xpi [2016-10-17]
FF Extension: (Download YouTube Videos, Fast And Simple) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\jid1-cHKBMlArKdIVEg@jetpack.xpi [2016-04-30]
FF Extension: (Ebay & Amazon Search Menu Add-on) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\jid1-XZ3VqwTEfisocw@jetpack.xpi [2017-01-21]
FF Extension: (Vlc Kontextmenü) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2016-04-30]
FF Extension: (VLC Youtube Shortcut) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\vlc_shortcut@kosan.kosan.xpi [2016-12-01]
FF Extension: (All-in-One Sidebar) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2017-01-21]
FF Extension: (Home Extension) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259} [2016-11-26]
FF Extension: (NoScript) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-20]
FF Extension: (Adblock Plus) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Tab Mix Plus) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-01-14]
FF SearchPlugin: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\searchplugins\dudende-suche.xml [2012-07-29]
FF SearchPlugin: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\cnn104yu.default\searchplugins\stadtbibliothek-stadt.xml [2016-04-01]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-01-30] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-08-18] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.934\npSurveillancePlugin_x86_64.dll [2016-03-25] (Synology)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll [2013-11-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in -> C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll [2012-06-14] (Graphisoft SE)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.934\npSurveillancePlugin.dll [2016-03-25] (Synology)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files (x86)\OpenOffice.org 3\program [Keine Datei]
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joerg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1412286257-1942420214-3619319362-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll [2012-12-07] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> chrome://newtab
CHR Profile: C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default [2017-01-21]
CHR Extension: (Google Präsentationen) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-09]
CHR Extension: (Google Docs) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-09]
CHR Extension: (Google Drive) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
CHR Extension: (Google Cast) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-11-20]
CHR Extension: (Google-Suche) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Tabellen) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-09]
CHR Extension: (Google Docs Offline) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-20]
CHR Extension: (Google Mail) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-20]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-07-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [1473664 2012-07-28] (ASUSTeK Computer Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
R2 AXIS Camera Management; C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe [18432 2015-05-08] (Axis Communications AB) [Datei ist nicht signiert]
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\SpybotSearchDestroy2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\SpybotSearchDestroy2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-18] (Microsoft Corporation)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-06-04] (Avira Operations GmbH & Co. KG)
S3 GenericMount; C:\WINDOWS\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 ikbevent; C:\WINDOWS\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\WINDOWS\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2013-01-28] ()
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-22 12:38 - 2017-01-22 12:38 - 00000000 ____D C:\Users\Joerg\Desktop\FRST-OlderVersion
2017-01-22 12:34 - 2017-01-22 12:37 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-22 12:32 - 2017-01-22 12:33 - 11581544 _____ (SurfRight B.V.) C:\Users\Joerg\Desktop\HitmanPro_x64.exe
2017-01-21 22:09 - 2017-01-21 22:10 - 02870984 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_deu.exe
2017-01-21 22:02 - 2017-01-21 22:03 - 00011900 _____ C:\Users\Joerg\Desktop\Fixlog.txt
2017-01-21 22:02 - 2017-01-21 22:02 - 00121453 _____ C:\Users\Joerg\Desktop\Addition2.txt
2017-01-21 22:02 - 2017-01-21 22:02 - 00087418 _____ C:\Users\Joerg\Desktop\FRST2.txt
2017-01-21 20:00 - 2017-01-22 12:25 - 00000000 ____D C:\Users\Joerg\AppData\LocalLow\Mozilla
2017-01-21 19:51 - 2017-01-21 19:51 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Oracle
2017-01-21 19:50 - 2017-01-21 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-21 19:50 - 2017-01-21 19:49 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-21 16:40 - 2017-01-21 15:10 - 00000938 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170121-164047.backup
2017-01-21 16:17 - 2017-01-21 15:10 - 00000938 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170121-161757.backup
2017-01-21 16:04 - 2017-01-21 15:10 - 00000938 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170121-160439.backup
2017-01-21 16:02 - 2017-01-21 15:10 - 00000938 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170121-160235.backup
2017-01-21 15:41 - 2017-01-21 15:10 - 00000938 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170121-154119.backup
2017-01-21 15:20 - 2017-01-22 12:41 - 00034811 _____ C:\Users\Joerg\Desktop\FRST.txt
2017-01-21 15:20 - 2017-01-21 21:59 - 00121453 _____ C:\Users\Joerg\Desktop\Addition.txt
2017-01-21 15:15 - 2017-01-21 15:18 - 00001651 _____ C:\Users\Joerg\Desktop\JRT.txt
2017-01-21 15:10 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170121-151036.backup
2017-01-21 14:58 - 2017-01-21 15:14 - 01663040 _____ (Malwarebytes) C:\Users\Joerg\Desktop\JRT.exe
2017-01-21 14:40 - 2017-01-21 14:44 - 00102391 _____ C:\Users\Joerg\Desktop\Addition_1b.txt
2017-01-21 14:39 - 2017-01-21 14:43 - 00086783 _____ C:\Users\Joerg\Desktop\FRST_1b.txt
2017-01-21 14:28 - 2017-01-21 14:28 - 00001533 _____ C:\Users\Joerg\Desktop\mbam.txt
2017-01-21 14:20 - 2017-01-21 22:04 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-21 14:20 - 2017-01-21 22:04 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-21 14:20 - 2017-01-21 15:28 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-21 14:19 - 2017-01-21 22:04 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-21 14:19 - 2017-01-21 22:03 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-21 14:19 - 2017-01-21 14:19 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-21 14:19 - 2017-01-21 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-21 14:19 - 2017-01-21 14:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-21 14:19 - 2017-01-21 14:19 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-21 14:19 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-21 14:13 - 2017-01-21 14:13 - 00001066 _____ C:\Users\Joerg\Desktop\AdwCleaner[C0].txt - Verknüpfung.lnk
2017-01-21 14:04 - 2017-01-21 14:08 - 00000000 ____D C:\AdwCleaner
2017-01-21 14:00 - 2017-01-21 14:00 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-01-21 13:58 - 2017-01-21 14:03 - 03988944 _____ C:\Users\Joerg\Desktop\AdwCleaner_6.042.exe
2017-01-20 21:03 - 2017-01-20 21:03 - 00019360 _____ C:\Users\Joerg\Desktop\Addition_1.7z
2017-01-20 20:58 - 2017-01-20 20:58 - 00989855 _____ C:\Users\Joerg\Desktop\AVSCAN-20170119-210753-35D54530_1.zip
2017-01-20 19:26 - 2017-01-21 14:36 - 00102416 _____ C:\Users\Joerg\Desktop\Addition_1a.txt
2017-01-20 19:25 - 2017-01-21 14:36 - 00086878 _____ C:\Users\Joerg\Desktop\FRST_1a.txt
2017-01-20 19:24 - 2017-01-22 12:41 - 00000000 ____D C:\FRST
2017-01-20 19:23 - 2017-01-22 12:38 - 02420736 _____ (Farbar) C:\Users\Joerg\Desktop\FRST64.exe
2017-01-20 19:03 - 2017-01-20 19:03 - 00000475 _____ C:\Users\Joerg\Desktop\Trojaner.txt
2017-01-16 23:51 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170116-235155.backup
2017-01-14 19:14 - 2017-01-14 19:14 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Amanita-Design.Samorost3
2017-01-14 18:35 - 2017-01-14 18:38 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-01-10 23:50 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170110-235007.backup
2017-01-10 21:23 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170110-212324.backup
2017-01-10 20:16 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170110-201615.backup
2017-01-10 19:32 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 19:32 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 19:32 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 19:32 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 19:32 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 19:32 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 19:32 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 19:32 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 19:32 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 19:32 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 19:32 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 19:32 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 19:32 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 19:32 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 19:32 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 19:32 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 19:32 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 19:32 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 19:32 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 19:32 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 19:32 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 19:32 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 19:32 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 19:32 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 19:32 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 19:32 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 19:32 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 19:32 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 19:32 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 19:32 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 19:32 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 19:32 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 19:32 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 19:32 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 19:32 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 19:32 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 19:32 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 19:32 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 19:32 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 19:32 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 19:32 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 19:32 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 19:32 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 19:32 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 19:32 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 19:32 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 19:32 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 19:32 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 19:32 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 19:32 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 19:32 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 19:32 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 19:32 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 19:32 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 19:32 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 19:32 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 19:32 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 19:32 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 19:32 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 19:32 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 19:32 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 19:32 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 19:32 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 19:32 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 19:32 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 19:32 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 19:32 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 19:32 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 19:32 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 19:32 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 19:31 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 19:31 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 19:31 - 2016-12-21 08:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 19:31 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 19:31 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 19:31 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 19:31 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 19:31 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 19:31 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 19:31 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 19:31 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 19:31 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 19:31 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 19:31 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 19:31 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 19:31 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 19:31 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 19:31 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 19:31 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 19:31 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 19:31 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 19:31 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 19:31 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 19:31 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 19:31 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 19:31 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 19:31 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 19:31 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 19:31 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 19:31 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 19:31 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 19:31 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 19:31 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 19:31 - 2016-12-21 06:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 19:31 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 19:31 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 19:31 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 19:31 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 19:31 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 19:31 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 19:31 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 19:31 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 19:31 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 19:31 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 19:31 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 19:31 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 19:31 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 19:31 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 19:31 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 19:31 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 19:31 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 19:31 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 19:31 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 19:31 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 19:31 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 19:31 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 19:31 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 19:31 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 19:31 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 19:31 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 19:31 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 19:31 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 19:31 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 19:31 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 19:31 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 19:31 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 19:31 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 19:31 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 19:31 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 19:31 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 19:31 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 19:31 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 19:31 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 19:31 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 19:31 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 19:31 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 19:31 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 19:31 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 19:31 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 19:31 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 19:31 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 19:31 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 19:31 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 19:31 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 19:31 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 19:31 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 19:31 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 19:31 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 19:31 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 19:31 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-09 18:22 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170109-182203.backup
2017-01-07 15:05 - 2017-01-11 18:51 - 00263016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-06 19:49 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170106-194925.backup
2017-01-04 20:25 - 2017-01-04 20:25 - 00001333 _____ C:\Users\Joerg\Desktop\OOSU10861.exe - Verknüpfung.lnk
2017-01-04 20:21 - 2017-01-04 20:21 - 00681536 _____ (O&O Software GmbH) C:\Program Files (x86)\OOSU10861.exe
2017-01-04 18:35 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170104-183515.backup
2017-01-04 00:41 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170104-004142.backup
2017-01-04 00:40 - 2014-05-19 21:15 - 00450709 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170104-004028.backup
2017-01-04 00:33 - 2017-01-04 00:33 - 00000000 ____D C:\Users\Joerg\Aufnahmen\Documents\ProcAlyzer Dumps
2017-01-04 00:27 - 2017-01-04 00:27 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-04 00:26 - 2017-01-04 00:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-04 00:26 - 2017-01-04 00:27 - 00000000 ____D C:\Program Files (x86)\SpybotSearchDestroy2
2017-01-04 00:26 - 2017-01-04 00:26 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-04 00:26 - 2017-01-04 00:26 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-01-04 00:26 - 2017-01-04 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpybotSearchDestroy2
2017-01-04 00:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-01-03 20:05 - 2017-01-03 20:05 - 00000000 ____D C:\Program Files (x86)\Chip Digital GmbH
2017-01-02 22:39 - 2017-01-02 22:39 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-02 22:38 - 2017-01-02 22:38 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Skype
2016-12-28 19:03 - 2016-12-28 19:03 - 00001189 _____ C:\Users\Joerg\Desktop\MediathekView.lnk
2016-12-28 19:01 - 2016-12-29 20:58 - 00000000 ____D C:\Users\Joerg\.mediathek3
2016-12-28 18:58 - 2016-12-28 19:03 - 00000000 ____D C:\Program Files (x86)\MediathekView12
2016-12-28 18:55 - 2017-01-21 20:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\TV-Browser
2016-12-28 18:55 - 2016-12-28 18:55 - 00001989 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2016-12-28 18:55 - 2016-12-28 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV-Browser
2016-12-28 18:55 - 2016-12-28 18:55 - 00000000 ____D C:\Program Files (x86)\TV-Browser
2016-12-27 18:27 - 2017-01-11 20:37 - 00000000 ____D C:\Users\Joerg\Aufnahmen\Documents\BotaniculaSaves
2016-12-27 15:13 - 2016-12-27 15:13 - 00000222 _____ C:\Users\Joerg\Desktop\Samorost 3.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000222 _____ C:\Users\Joerg\Desktop\Botanicula.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000221 _____ C:\Users\Joerg\Desktop\Samorost 2.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000221 _____ C:\Users\Joerg\Desktop\Machinarium.url
2016-12-27 15:13 - 2016-12-27 15:13 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-27 14:34 - 2016-12-27 14:34 - 00000000 ____D C:\Users\Joerg\AppData\Local\Chromium
2016-12-24 15:36 - 2017-01-03 19:45 - 00016524 ____H C:\Users\Leo\AppData\Local\IconCache.db
2016-12-24 15:34 - 2017-01-02 23:10 - 00000000 ____D C:\Users\Leo\AppData\Local\ConnectedDevicesPlatform
2016-12-24 15:34 - 2016-12-24 15:34 - 00004676 __RSH C:\Users\Leo\ntuser.pol
2016-12-24 15:34 - 2016-12-24 15:34 - 00000174 ___SH C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-24 15:34 - 2016-12-24 15:34 - 00000020 ___SH C:\Users\Leo\ntuser.ini
2016-12-24 15:34 - 2016-12-24 15:34 - 00000000 ____D C:\Users\Leo\AppData\Local\Comms
2016-12-24 12:49 - 2016-12-24 12:49 - 00000000 _____ C:\Users\Joerg\AppData\Roaming\f0aa1a7e-4626-4653-9ccb-fec05ba6b9ce.storage
2016-12-24 12:49 - 2016-12-24 12:49 - 00000000 _____ C:\Users\Joerg\AppData\Roaming\5a873492-3d40-49ab-846a-bc059a202348.storage
2016-12-23 19:56 - 2016-12-23 19:56 - 11346638 _____ C:\Users\Joerg\Downloads\Amazon-Music-Download_2016-12-23_19-56.zip

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-22 12:25 - 2016-11-18 18:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-22 10:51 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-22 10:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-21 22:11 - 2016-11-18 18:38 - 03421736 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-21 22:11 - 2016-07-16 23:51 - 01498432 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-21 22:11 - 2016-07-16 23:51 - 00389106 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-21 22:09 - 2012-07-27 20:37 - 00000000 _____ C:\WINDOWS\Path.idx
2017-01-21 22:04 - 2015-05-19 22:05 - 00000000 __SHD C:\Users\Joerg\IntelGraphicsProfiles
2017-01-21 22:04 - 2012-07-27 19:31 - 01048576 _____ C:\WINDOWS\PE_Rom.dll
2017-01-21 22:03 - 2016-11-18 18:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-21 22:03 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-21 22:03 - 2015-10-15 18:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-21 22:03 - 2015-06-16 19:22 - 00000000 ____D C:\ProgramData\firebird
2017-01-21 19:55 - 2013-08-24 10:17 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-01-21 19:50 - 2013-12-07 15:08 - 00000000 ____D C:\ProgramData\Oracle
2017-01-21 19:49 - 2013-06-24 22:31 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-21 16:15 - 2015-08-18 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-01-21 16:15 - 2015-08-18 14:22 - 00000000 ____D C:\Program Files (x86)\epson
2017-01-21 16:15 - 2015-08-18 14:17 - 00000000 ____D C:\ProgramData\Epson
2017-01-21 16:07 - 2016-03-06 11:45 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-21 14:09 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-21 14:07 - 2016-11-18 18:55 - 00000008 __RSH C:\Users\Joerg\ntuser.pol
2017-01-21 14:07 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Joerg
2017-01-21 14:07 - 2013-12-27 15:25 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-21 14:00 - 2016-11-18 18:39 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-20 19:04 - 2012-11-06 22:55 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Notepad++
2017-01-17 19:54 - 2015-11-08 11:57 - 00000000 ____D C:\Users\Joerg\Aufnahmen\Documents\Registry CC_Cleaner
2017-01-16 21:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-14 19:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-11 18:52 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-11 18:52 - 2015-10-23 20:52 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 18:51 - 2013-10-09 12:21 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-11 07:55 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Leo
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 07:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 01:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-11 01:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-10 21:01 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 20:59 - 2013-08-16 22:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 20:57 - 2012-07-28 17:25 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-07 15:07 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Mcx1-DELFINE
2017-01-05 17:40 - 2010-11-21 04:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-04 01:47 - 2016-11-18 18:45 - 00003858 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-01-03 20:05 - 2012-07-28 16:00 - 00000000 ____D C:\Users\Joerg\AppData\Local\Downloaded Installations
2017-01-03 19:45 - 2016-12-03 14:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-01-03 19:45 - 2012-09-07 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-02 22:41 - 2015-12-03 19:27 - 00000000 ____D C:\Users\Leo\AppData\Local\Packages
2017-01-02 22:39 - 2016-03-06 11:43 - 00002418 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-02 22:39 - 2016-03-06 11:43 - 00000000 ___RD C:\Users\Leo\OneDrive
2017-01-02 22:38 - 2015-06-07 17:59 - 00000000 __SHD C:\Users\Leo\IntelGraphicsProfiles
2016-12-31 20:36 - 2014-01-25 15:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\KeePass
2016-12-31 13:23 - 2016-12-10 13:37 - 00000000 ____D C:\ProgramData\Foxit Software
2016-12-31 13:23 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Public\Documents
2016-12-31 13:14 - 2012-07-30 21:48 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Foxit Software
2016-12-31 12:57 - 2012-07-28 16:00 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2016-12-28 19:03 - 2015-07-24 14:57 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\vlc
2016-12-27 16:02 - 2016-03-06 11:57 - 00000000 ____D C:\Users\Joerg\AppData\Local\Steam
2016-12-27 14:32 - 2016-03-06 11:45 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk
2016-12-27 14:32 - 2016-03-06 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-24 15:42 - 2016-12-03 14:44 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-24 15:36 - 2016-11-18 18:39 - 00524288 ___SH C:\Users\Leo\NTUSER.DAT{22c1e74d-adb5-11e6-a28c-dd852ca2b43d}.TMContainer00000000000000000001.regtrans-ms
2016-12-24 15:36 - 2016-11-18 18:39 - 00065536 ___SH C:\Users\Leo\NTUSER.DAT{22c1e74d-adb5-11e6-a28c-dd852ca2b43d}.TM.blf
2016-12-24 15:36 - 2016-11-18 18:39 - 00000000 ____D C:\Users\Leo\AppData\Local
2016-12-24 15:34 - 2016-11-18 18:39 - 00000000 ___RD C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-24 15:34 - 2015-05-03 14:21 - 00000282 ___SH C:\Users\Leo\Downloads\desktop.ini
2016-12-24 15:34 - 2015-05-03 14:21 - 00000282 ___SH C:\Users\Leo\Desktop\desktop.ini
2016-12-24 15:34 - 2015-05-03 14:21 - 00000174 ___SH C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\Searches
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\Contacts
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-24 15:34 - 2015-05-03 14:21 - 00000000 ___RD C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Videos
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Saved Games
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Pictures
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Music
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Links
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Favorites
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Downloads
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Documents
2016-12-24 15:34 - 2015-05-03 14:20 - 00000000 ___RD C:\Users\Leo\Desktop
2016-12-23 00:13 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-01-04 20:21 - 2017-01-04 20:21 - 0681536 _____ (O&O Software GmbH) C:\Program Files (x86)\OOSU10861.exe
2015-11-01 17:56 - 2015-11-01 17:56 - 0000000 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-24 12:49 - 2016-12-24 12:49 - 0000000 _____ () C:\Users\Joerg\AppData\Roaming\5a873492-3d40-49ab-846a-bc059a202348.storage
2015-05-25 10:28 - 2015-05-25 10:28 - 0000093 _____ () C:\Users\Joerg\AppData\Roaming\ARCompanion.log
2016-12-24 12:49 - 2016-12-24 12:49 - 0000000 _____ () C:\Users\Joerg\AppData\Roaming\f0aa1a7e-4626-4653-9ccb-fec05ba6b9ce.storage
2014-02-07 19:26 - 2014-02-07 19:26 - 0000044 _____ () C:\Users\Joerg\AppData\Roaming\WB.CFG
2012-09-23 14:57 - 2016-06-22 20:06 - 0012800 _____ () C:\Users\Joerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-29 11:00 - 2013-12-29 11:00 - 0000093 _____ () C:\Users\Joerg\AppData\Local\fusioncache.dat
2016-01-30 16:21 - 2016-01-30 16:47 - 0000026 _____ () C:\Users\Joerg\AppData\Local\isoworkshop.ini
2013-02-09 18:39 - 2013-02-09 18:40 - 0000600 _____ () C:\Users\Joerg\AppData\Local\PUTTY.RND
2012-07-28 01:07 - 2012-09-14 22:37 - 0007597 _____ () C:\Users\Joerg\AppData\Local\Resmon.ResmonCfg
2013-09-25 18:08 - 2016-01-30 16:12 - 0000085 ___SH () C:\ProgramData\.zreglib
2012-07-29 16:35 - 2012-07-29 18:52 - 0000297 _____ () C:\ProgramData\Gpu.log

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-01-21 18:56

==================== Ende von FRST.txt ============================
         

Alt 22.01.2017, 13:26   #7
laocoon
 
Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 - Standard

Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034



...und hier das Addition-Log als Nachzügler:

von Addition:

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-01-2017
durchgeführt von Joerg (22-01-2017 12:42:08)
Gestartet von C:\Users\Joerg\Desktop
Windows 10 Pro Version 1607 (X64) (2016-11-18 17:46:59)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1412286257-1942420214-3619319362-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1412286257-1942420214-3619319362-1006 - Limited - Enabled)
DefaultAccount (S-1-5-21-1412286257-1942420214-3619319362-503 - Limited - Disabled)
Gast (S-1-5-21-1412286257-1942420214-3619319362-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1412286257-1942420214-3619319362-1004 - Limited - Enabled)
Joerg (S-1-5-21-1412286257-1942420214-3619319362-1000 - Administrator - Enabled) => C:\Users\Joerg
Leo (S-1-5-21-1412286257-1942420214-3619319362-1007 - Limited - Enabled) => C:\Users\Leo
Mcx1-DELFINE (S-1-5-21-1412286257-1942420214-3619319362-1002 - Limited - Enabled) => C:\Users\Mcx1-DELFINE

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}) (Version: 3.00.0000 - Akademische Arbeitsgemeinschaft)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.3 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.6.147 - Adobe Systems, Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.04.02 - ASUSTeK Computer Inc.)
Amazon Kindle (HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Anno 1602 (HKLM-x32\...\ANNO1602) (Version:  - )
ape@map (HKLM-x32\...\{660ACE0D-40F7-47E0-BDF2-5ED0E0293BEC}) (Version: 3.6.0 - Onyx Technologie OG)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AquaSoft DiaShow 9 Ultimate (HKLM-x32\...\AquaSoft DiaShow 9 Ultimate) (Version: 9.5.16 - AquaSoft)
ArchiCAD 16 GER (HKLM\...\001FFF2FFF16FF00FF0201F01F02F000-R1) (Version: 16.0 - GRAPHISOFT)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version:  - )
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.2.5 - ASUSTeK Computer Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
AXIS Camera Companion 3.11 (HKLM\...\{A6FE3FFD-BD70-4FD6-A436-62417F0A81EB}_is1) (Version: 3.11.001 - Axis Communications AB)
Biet-O-Matic v2.14.8 (HKLM-x32\...\Biet-O-Matic v2.14.8) (Version: 2.14.8 - BOM Development Team)
Botanicula (HKLM\...\Steam App 207690) (Version:  - Amanita Design)
calibre 64bit (HKLM\...\{D8905AF6-9F72-4BD8-BF37-51C5760B3CD5}) (Version: 2.48.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.100.14 - Citrix Systems, Inc.)
Coast Guard (HKLM-x32\...\Steam App 361200) (Version:  - Reality Twist GmbH)
Cuttermaran 1.70 (HKLM-x32\...\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}) (Version: 1.7.0 - toarnold)
Easy Photo Scan (HKLM-x32\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-225 Series Printer Uninstall (HKLM\...\EPSON XP-225 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.50.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.4.1208 - Foxit Software Inc.)
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GoGear SA4VBE Device Manager (HKLM-x32\...\{E7CA2FE9-1BDB-455D-83A3-0B0D1466EAF9}) (Version: 1.00 - Ihr Firmenname)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Network Connections 20.0.10.0 (HKLM\...\PROSetDX) (Version: 20.0.10.0 - Intel)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Kobo (HKLM-x32\...\Kobo) (Version: 4.0.5579 - Rakuten Kobo Inc.)
LameXP v4.07 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.07 Final-1 [Build #1286] - LoRd_MuldeR <mulder2@gmx.de>)
LibreOffice 4.1 Help Pack (German) (HKLM-x32\...\{43295475-62CA-4F25-B46C-43C59258780E}) (Version: 4.1.4.2 - The Document Foundation)
LibreOffice 4.3.7.2 (HKLM-x32\...\{8ED4A1FC-56CF-414C-A9AB-A37714AA9EA7}) (Version: 4.3.7.2 - The Document Foundation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Machinarium (HKLM\...\Steam App 40700) (Version:  - Amanita Design)
Malwarebytes Version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.6.0.6200 - Mozilla)
Mozilla Thunderbird 45.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.6.0 (x86 de)) (Version: 45.6.0 - Mozilla)
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2 - )
NVIDIA PhysX v8.05.26 (HKLM-x32\...\{11AE6807-50D2-4F59-82B3-2C3E695E94C2}) (Version: 8.05.26 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.2.100.14 - Citrix Systems, Inc.) Hidden
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Philips Media Convertor v1.2   (HKLM-x32\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.45 -  )
Photo Station Uploader (remove only) (HKLM-x32\...\Photo Station Uploader) (Version:  - Synology)
PHOTOfunSTUDIO 6.5 BD Edition (HKLM-x32\...\{AD5B7E20-00E1-4B7B-84DC-53F5CEFFA367}) (Version: 6.05.818 - Panasonic Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
POIbase 2.0.22 (HKLM-x32\...\POIbase_is1) (Version:  - POIbase)
Preispiraten (HKLM-x32\...\{5384EA8A-FECA-4D6E-B7B4-3D4D9D47E5DF}) (Version: 6 - metaspinner net GmbH)
Preispiraten 7 (HKLM-x32\...\{D746E113-378A-45A2-8EB0-DF00BD2454DE}) (Version: 7.1.1.0 - metaspinner net GmbH)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Republic Heroes (HKLM-x32\...\{5612C844-55BC-4B77-82C2-A2E28962418E}) (Version: 1.00.0000 - LucasArts)
Samorost 2 (HKLM\...\Steam App 40720) (Version:  - Amanita Design)
Samorost 3 (HKLM\...\Steam App 421120) (Version:  - Amanita Design)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Self-Service Plug-in (x32 Version: 4.2.100.5943 - Citrix Systems, Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 34.7.35161 - Sonos, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steuer-Ratgeber 2016-2017 (HKLM-x32\...\{2D99CB45-87EE-4834-BB15-5DD59A024E4C}) (Version: 16.11.6 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{CE23D66A-B4D8-468B-B932-41159FA54E14}) (Version: 15.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.19.11 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.11.11 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.14.99 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.42.175 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2016 (HKLM-x32\...\{D331D50C-C578-423B-8BC7-94D3133CE315}) (Version: 21.37.107 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2017  (HKLM-x32\...\{45815686-22F8-4D24-872D-E481A654B230}) (Version: 22.20.35 - Wolters Kluwer Deutschland GmbH)
SurveillancePlugin (HKLM-x32\...\{DD3D6671-165A-4823-AB2F-F73316EE0C71}) (Version: 1.0.0.934 - Synology)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
TomTom MyDrive Connect 4.1.1.2797 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.1.2797 - TomTom)
TV-Browser 3.4.4 (HKLM-x32\...\tvbrowser) (Version: 3.4.4 - TV-Browser Team)
Unity Web Player (HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
XMedia Recode Version 3.3.5.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.5.7 - XMedia Recode)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0249BE9D-7295-48C9-8EA3-41C4636235D7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1412286257-1942420214-3619319362-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {085E3A32-ECDB-4286-93A6-BE96375339A6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1DB28F69-B61F-4BA9-8695-DCE839D6FF72} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {2038D09C-5622-43D7-8758-4C878C8A60D4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {2A7EAD93-6364-4194-B89C-A305D34BB5EE} - System32\Tasks\{A0932F3B-7471-4D67-857B-092DD058D72E} => msiexec.exe /package "C:\Users\Joerg\Downloads\MicrosoftFixit50123.msi"
Task: {2B3DAD67-1F2B-47D9-979F-D9DCCCB9DAD7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {2BB73430-C81E-4FF3-9D0A-19019A784E95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {2C6F490F-329D-4E0D-8E9A-156FE30A0CD0} - System32\Tasks\{D9BC4299-7B8A-46FE-95D0-B0FB0F052CA8} => pcalua.exe -a C:\Users\Joerg\Downloads\irfanview_plugins_433_setup.exe -d C:\Users\Joerg\Downloads
Task: {32AE5F22-5189-4C51-9DAB-8840F5580A8A} - System32\Tasks\ASUS\i-Setup225236 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)
Task: {33135665-B856-4771-B1C0-995F02BDABFE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {33B04117-EF5A-4814-AEE4-7C88C14ADAB9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A38A368-F25C-4142-8202-17C71E472428} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-DELFINE => C:\WINDOWS\ehome\McxTask.exe
Task: {3AFE325C-F25F-4804-89C3-74D568FFB074} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1412286257-1942420214-3619319362-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3BF6D36E-AC15-4EFD-840B-EBBD5575D133} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMJMOJLMJJHMMMMJOMCNMMJMOJIMCNLMOMJJOJCNNJJJOMJMCNOJPMKMJJMJLMNMNJLMOMPMLJJNJICMIMCNGMCNNMFMGMCNOMOMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMOMPMJNHICMEKMICNJJCKJNBJCMFLAJKJNIIJJNKJCMJNNICMJNDJCMLJKJ"
Task: {3C1A87E2-487C-4F64-904B-98FA2CBD98E7} - System32\Tasks\{B2308464-6499-4ABC-929A-920DF196783A} => pcalua.exe -a C:\Users\Joerg\Downloads\Intel_MEI_V8001262_XPVistaWin7\setup.exe -d C:\Users\Joerg\Downloads\Intel_MEI_V8001262_XPVistaWin7
Task: {3D1299CA-6366-4630-9EDE-416941473940} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3D55EEDE-13C3-4151-AE28-BC0E9F25B815} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {3DE316FA-36A0-4E43-A65C-BA97CDCAD874} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {42A3DC6D-3D60-4101-8260-C4FA4D6DDA4C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {49A6CF7B-717F-46E6-9D08-BF1D4BC16702} - System32\Tasks\EPSON XP-225 Series Update {400C43AB-2E87-4983-A887-86105496B879} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {4EA532CD-77F3-47B4-9D5D-888BF06C06FB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4F94B588-442D-4357-ADF0-CF6CE0C72462} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {50C0C005-93EF-42E4-84A2-AAB670263950} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {528CABAF-43C9-4AE7-B180-3FDD73E01148} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1412286257-1942420214-3619319362-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {5297443F-2E27-4209-86E3-9315B15FBFBF} - System32\Tasks\{F321C931-35DF-4923-94CE-B26E767B491C} => D:\Setup\Setup.exe
Task: {54A56059-C42A-4057-81C8-8BCE697EC1F7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {589F8A18-086F-4C5A-A2C2-634E5BBEFC25} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {598E6758-D5FD-435E-BF77-6E4F26749D99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {5BA370C3-34A9-4DAC-8EE1-9962A0DE9E18} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {5C26B83E-986B-4626-BDD9-F77615EC0D4A} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {6492A934-A224-48E9-A4D7-66553F0C1E45} - System32\Tasks\{B50D7758-3420-49B0-8664-92A5FB1F6CC9} => pcalua.exe -a C:\Users\Joerg\Downloads\IRST_V11101006_XPWin7\Install\setup.exe -d C:\Users\Joerg\Downloads\IRST_V11101006_XPWin7\Install
Task: {64CB2651-4108-408F-A02E-13600C88F694} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {65D515D0-F153-4DE1-887E-FA3FC1B06D18} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1412286257-1942420214-3619319362-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {66DC2431-A42B-43D2-904C-518845E25722} - System32\Tasks\EPSON XP-225 Series Update {001F270C-F9BB-470F-B086-11C7F0EF0C45} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {7A9B340A-D2F3-4EE4-8817-6A6C7ABD0905} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7E7476F9-7924-4351-8879-DE143BE5C861} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {82CD644B-6699-4A98-8530-1DC3028DA2A5} - System32\Tasks\{0049431D-45DD-4925-B4D3-C8F7996C2C5F} => D:\Setup\Setup.exe
Task: {887D0F05-A015-462B-899F-00230E3D665E} - System32\Tasks\EPSON XP-225 Series Update {8E8C44D1-647B-4702-87C3-50BD8D890228} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {8CDC8717-D6E5-4E71-939C-26AD26E5716C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1412286257-1942420214-3619319362-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {8D1A707C-742F-43D1-9B39-61D39A92946A} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-03-06] (ASUSTeK Computer Inc.)
Task: {987D7137-1BB0-4471-85DE-80DDD02C91C3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {990ADD2E-3761-41EE-B369-18BB4398F8D9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9BAA51D7-1BB0-4978-A852-2C7ECD84B6E6} - System32\Tasks\EPSON XP-225 Series Update {D4D7AC37-2892-4C94-87B6-70E2D581C285} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {9D62EB8A-EE4B-4AED-A74F-2188219A43B0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A0F66942-84FE-4673-82C9-330DF19BF862} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\SpybotSearchDestroy2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {A54BDE5D-A31F-4891-9B21-B7070CA3E40C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A55FB450-1D64-42B4-8762-0C696CB4B384} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Joerg\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {AE7FC220-2C08-4928-9F1A-A9D80A9F21ED} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe [2012-04-19] (ASUSTeK Computer Inc.)
Task: {B6A1F721-876D-41AD-9C0B-30D2B79446FA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\SpybotSearchDestroy2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B71C4802-D847-40F6-BEEA-AC0CDA6DA5FC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {C183258E-D8AC-400E-9B40-61EA48128590} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C307EB96-F435-4A95-8D4D-C02C361D0E44} - System32\Tasks\ASUS\i-Setup204402 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)
Task: {C41353BE-8F62-4E96-9B38-1BF1856EB93D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {C41DF22E-22E0-423D-BC74-FB1E2D81E455} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C5319865-C6CC-4B39-8C63-6EAA72C05F28} - System32\Tasks\{125039C6-08E7-4D3A-B032-A1C55F876595} => pcalua.exe -a C:\Users\Joerg\Downloads\Intel_USB3_V104225_Win7\Intel\SetupUSB3_Dell.exe -d C:\Users\Joerg\Downloads\Intel_USB3_V104225_Win7\Intel
Task: {CD9C0807-169B-4A49-BD91-F4F0B80165EA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E23AFAFC-35F8-4B25-9586-ED2C1030F76D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {E2C1F8A8-B6FD-4C06-8EF6-84D63F4BA583} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {EF4C2A81-37BA-424D-A992-D95965244269} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F1426AEF-C1DF-42BE-9061-5FA83A524639} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FD23DDF3-51C0-45CC-A8B6-C52977A7CC8C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-225 Series Update {001F270C-F9BB-470F-B086-11C7F0EF0C45}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE :/EXE:{001F270C-F9BB-470F-B086-11C7F0EF0C45} /F:Update  WORKGROUP\DELFINE$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-225 Series Update {400C43AB-2E87-4983-A887-86105496B879}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE :/EXE:{400C43AB-2E87-4983-A887-86105496B879} /F:Update  WORKGROUP\DELFINE$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-225 Series Update {8E8C44D1-647B-4702-87C3-50BD8D890228}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE :/EXE:{8E8C44D1-647B-4702-87C3-50BD8D890228} /F:Update  SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-225 Series Update {D4D7AC37-2892-4C94-87B6-70E2D581C285}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE :/EXE:{D4D7AC37-2892-4C94-87B6-70E2D581C285} /F:Update  WORKGROUP\DELFINE$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-15 18:13 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-07-28 20:23 - 2012-07-28 20:23 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-05-11 08:12 - 2015-05-11 08:12 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2016-12-15 18:13 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-18 18:57 - 2016-11-18 18:57 - 01864384 _____ () C:\Users\Joerg\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2014-11-25 04:22 - 2014-11-25 04:22 - 00035328 _____ () C:\Program Files (x86)\Synology\Photo Station Uploader\ShellExtHandler.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2016-11-18 18:31 - 2016-11-18 18:31 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 19:31 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 19:31 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 19:31 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 19:31 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 19:31 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 19:31 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-28 20:23 - 2017-01-21 22:03 - 00031232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2012-07-28 20:23 - 2010-06-29 09:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2017-01-04 00:26 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\SpybotSearchDestroy2\snlThirdParty150.bpl
2017-01-04 00:26 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\SpybotSearchDestroy2\snlFileFormats150.bpl
2017-01-04 00:26 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\SpybotSearchDestroy2\DEC150.bpl
2017-01-04 00:26 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\SpybotSearchDestroy2\sqlite3.dll
2017-01-04 00:26 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\SpybotSearchDestroy2\av\BDSmartDB.dll
2012-07-28 20:18 - 2012-03-30 17:49 - 00557056 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\MirrorOpSender.dll
2012-07-28 20:18 - 2011-08-16 18:31 - 00229376 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\AudioProjection.dll
2012-07-28 20:18 - 2012-03-03 12:39 - 00184320 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\DLCapPP.dll
2012-07-28 20:18 - 2010-12-14 16:46 - 00067584 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\CoreAudioCap.dll
2012-07-28 20:18 - 2011-08-09 13:52 - 00425984 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\awiscale.DLL
2012-07-28 20:18 - 2012-01-18 21:39 - 00073728 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\IsSupported.dll
2012-07-28 20:18 - 2012-01-12 15:44 - 00475136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFiGO_HookKey.dll
2012-07-28 20:18 - 2012-04-17 19:35 - 00712704 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiMoveHelp.dll
2012-07-28 20:18 - 2012-04-18 17:15 - 00659456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\PhoneCtrlAPI.dll
2012-07-27 19:30 - 2011-12-28 18:13 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2012-07-27 19:30 - 2011-09-07 22:23 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2012-07-28 20:24 - 2012-05-10 15:38 - 00786432 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll
2012-07-28 20:24 - 2010-10-05 07:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll
2012-07-27 22:18 - 2012-02-01 15:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2016-11-18 18:57 - 2016-11-18 18:57 - 01383616 _____ () C:\Users\Joerg\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7924 mehr Seiten.

IE trusted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\apemap.com -> hxxp://apemap.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\123simsen.com -> www.123simsen.com

Da befinden sich 7925 mehr Seiten.

IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\...\123simsen.com -> www.123simsen.com

Da befinden sich 7925 mehr Seiten.

IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\...\123simsen.com -> www.123simsen.com

Da befinden sich 7924 mehr Seiten.

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123simsen.com -> www.123simsen.com

Da befinden sich 7924 mehr Seiten.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2017-01-21 15:10 - 00000938 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1412286257-1942420214-3619319362-1002\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-1412286257-1942420214-3619319362-1007\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.5 BD Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 6.5 BD Edition.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Joerg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter.lnk => C:\Windows\pss\Mediencenter.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Joerg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Persbackup.lnk => C:\Windows\pss\Persbackup.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Greenshot => C:\Program Files (x86)\Greenshot\Greenshot.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Plugin Install => C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\...\StartupApproved\StartupFolder: => "phase-6 Reminder.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Philips GoGear SA4VBE Device Manager.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "AXIS Camera Management Service Control"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "ASUS WiFi GO! FileTransfer Execute"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Plugin Install"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "Xvid"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "MyDriveConnect.exe"
HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\...\StartupApproved\Run: => "Steam"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{CFEA598E-2120-49BD-96EB-F0797B9EA7C8}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4C965A15-EEDE-47E3-BE20-17D816B75B7D}] => C:\Program Files (x86)\Steam\SteamApps\common\Coast Guard\Coastguard_1.0.6_PC.exe
FirewallRules: [{CDB0D96B-E705-4D90-B5EF-A1D1D9C3F3C8}] => C:\Program Files (x86)\Steam\SteamApps\common\Coast Guard\Coastguard_1.0.6_PC.exe
FirewallRules: [{2858D5BA-5A6B-4521-9837-907FE731E845}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6C0E01C2-82D4-4630-A346-D494D4BF9859}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B8A98421-2E17-48BF-9044-D9A72C76753B}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3B9808A-18A2-4000-AA9E-10377986AFF5}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{3BC405A3-DBD1-4A99-A6E1-25BB589F47F5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{18FCC2DF-3675-435F-8C2F-AFC180AA8F9A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{6BD828FC-85B2-48F2-B7AC-C1D03ABE92F7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{B62BDB5D-59B9-49C2-A061-4660A76E4190}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{76EB755A-C217-43B9-AB97-AB3CC5E71743}] => C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{CCE6530F-DE47-4769-A10D-27A7540B991E}] => C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D12CF48D-EBD2-46CC-8155-9AA00557844B}] => D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{4E668EC6-B1DC-409C-BECA-8124D618E1CF}] => D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{00B2002E-FA13-4754-A981-7DB171C676DE}] => C:\Program Files (x86)\LucasArts\Republic Heroes\Republic Heroes.exe
FirewallRules: [{C87FC343-DCCB-4E95-ABDF-5572E80780C3}] => C:\Program Files (x86)\LucasArts\Republic Heroes\Republic Heroes.exe
FirewallRules: [UDP Query User{0FDA4A02-B43E-408F-8E26-AF9624B0F30C}E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{2ABA1A74-557F-4E81-9D5B-1B1401564B2A}E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6C4922AE-E233-419B-8DBC-4B815F3876A3}] => C:\program files\axis communications\axis camera companion\cameracompanion.exe
FirewallRules: [{93C98DA4-0F4C-4BD2-B7D0-6602A4343BA2}] => C:\program files\axis communications\axis camera companion\cameracompanion.exe
FirewallRules: [UDP Query User{4D5F1667-5107-42B2-BB47-7504A4EEA166}C:\program files\axis communications\axis camera companion\cameracompanion.exe] => C:\program files\axis communications\axis camera companion\cameracompanion.exe
FirewallRules: [TCP Query User{B0D1AADC-A38C-4367-812B-4FA7F451D03E}C:\program files\axis communications\axis camera companion\cameracompanion.exe] => C:\program files\axis communications\axis camera companion\cameracompanion.exe
FirewallRules: [{BBA8BB8A-8C56-4186-9A17-F58B679B9330}] => LPort=55762
FirewallRules: [{128173FE-022E-49B3-9230-2BFE75578837}] => LPort=55762
FirewallRules: [{19740856-4ABF-4673-8D95-B8CE1E14596E}] => C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe
FirewallRules: [{694695CC-2D3C-44C4-A20E-857210FD5B05}] => C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe
FirewallRules: [{F78A78E0-6842-4FD1-846E-1055ACEDEC28}] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{1D3E53FC-FEB1-4D76-9B5F-CAF7D29BDD58}] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{4A85EC4E-CA2A-477B-8209-123E1A2CC477}] => C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{9B8F944B-779C-4D7C-B60C-E4430C7B1B2E}] => C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{AC68BF19-DDD2-4BD0-B8AF-3D5707C8AAEB}] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{ADA90A78-3D5E-48AF-9773-270DF8CFEA51}] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{02D5DF53-C1B5-4179-9EE3-27F6898D6A5E}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{4EF02AFA-1136-41A6-BB32-936CCCB422B5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{31B3ED73-72C6-46DC-83B1-8F0B0CB048EB}] => LPort=55762
FirewallRules: [{D2DC905A-8E48-495B-AC17-4137F8F6261A}] => C:\Program Files\Axis Communications\AXIS Camera Management 4\AcmService.exe
FirewallRules: [{F3E053F5-4F0D-4034-976F-8B8C5853734C}] => C:\program files\axis\iputility_4_03\iputility.exe
FirewallRules: [{798B26A8-9282-4DBD-88FC-B040746D94C9}] => C:\program files\axis\iputility_4_03\iputility.exe
FirewallRules: [UDP Query User{6E780017-A414-4393-9EB7-13B2FA88FC63}C:\program files\axis\iputility_4_03\iputility.exe] => C:\program files\axis\iputility_4_03\iputility.exe
FirewallRules: [TCP Query User{82D02BC4-776E-4E18-8177-14D2745B15D1}C:\program files\axis\iputility_4_03\iputility.exe] => C:\program files\axis\iputility_4_03\iputility.exe
FirewallRules: [UDP Query User{5BBB9608-DEB7-435C-9370-DBC64EF5650F}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [TCP Query User{C7859D18-786F-4F43-A999-E718E3BC0598}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [{81942376-FD3B-4197-A5A3-89CB0984D46C}] => C:\Program Files\GRAPHISOFT\ArchiCAD 16\GSQuickTimeServer\GSQTServer.exe
FirewallRules: [{9B131A22-6841-44D8-89CE-39BA585B3BE3}] => C:\Program Files\GRAPHISOFT\ArchiCAD 16\GSQuickTimeServer\GSQTServer.exe
FirewallRules: [{23C8C8A9-FC95-4C51-8F3C-E3CDB09152D9}] => C:\Program Files\GRAPHISOFT\ArchiCAD 16\ArchiCAD.exe
FirewallRules: [{1B92B901-0E0B-4D9A-A645-E4ECE9540FC7}] => C:\Program Files\GRAPHISOFT\ArchiCAD 16\ArchiCAD.exe
FirewallRules: [UDP Query User{2B527D4A-0979-457F-B058-075015E17305}C:\program files (x86)\synology\assistant\dsassistant.exe] => C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{105EAD33-28FC-4C63-B822-AB44F05655DE}C:\program files (x86)\synology\assistant\dsassistant.exe] => C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{75ED169F-8DB5-4722-AE89-62FBBE854CFC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1D998D3D-8223-4636-8E86-93BB795A5251}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{58C69C3A-61EA-4304-B4AE-22645655BCFC}C:\program files (x86)\libreoffice 4\program\soffice.bin] => C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{865866B1-1E9C-4956-8759-D34CFC12010C}C:\program files (x86)\libreoffice 4\program\soffice.bin] => C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{9D3AAA88-B102-4C34-933E-DB87929112D2}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\x86\FarmingSimulator2013Game.exe
FirewallRules: [{929A6AAF-167E-43A7-A3EC-32CBABCBB555}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\x86\FarmingSimulator2013Game.exe
FirewallRules: [{7DFC10B0-0681-458B-A43D-EC50AF205D70}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\x64\FarmingSimulator2013Game.exe
FirewallRules: [{C6C41DC4-E8DF-4325-BE97-2E0A13C61E8B}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\x64\FarmingSimulator2013Game.exe
FirewallRules: [UDP Query User{9863F51A-9F33-4EED-947B-48DD508D4AE0}C:\program files (x86)\axis ip utility\iputility.exe] => C:\program files (x86)\axis ip utility\iputility.exe
FirewallRules: [TCP Query User{1B25536D-2C58-4612-9D5B-DB592E4A2180}C:\program files (x86)\axis ip utility\iputility.exe] => C:\program files (x86)\axis ip utility\iputility.exe
FirewallRules: [{26662F94-2CB6-4FC1-988F-6C1E507975F9}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{58C41409-AD2A-4345-949A-ADFA74409CDE}C:\program files (x86)\libreoffice 4\program\soffice.bin] => C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{B3C179A6-A120-4F10-AF01-6CD611E51EE1}C:\program files (x86)\libreoffice 4\program\soffice.bin] => C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{88ECABB1-1106-4C1E-9FAF-C87FFD18161C}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{52FBE9EE-8381-4817-A952-EDBB6F370CB6}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{4502015C-A434-41EE-95D7-A2D838B57A90}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [UDP Query User{DEEED9A7-9523-49B8-9244-507870026302}C:\program files (x86)\sonos\sonos.exe] => C:\program files (x86)\sonos\sonos.exe
FirewallRules: [TCP Query User{09E65D64-70E4-41AA-952F-986512849EE9}C:\program files (x86)\sonos\sonos.exe] => C:\program files (x86)\sonos\sonos.exe
FirewallRules: [{85A002EC-2129-446E-9994-A0648882749F}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{1F925845-E9BC-4367-8DB7-A17DF3158B6E}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{95E3DF19-75C5-4910-8600-E54DB2BA14B2}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{CF5845A4-DA21-4D17-A082-7784FF2BAC3F}] => C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [UDP Query User{5792E9B3-FFB7-4B7F-A380-AF689C88A395}C:\program files (x86)\sonos\sonos.exe] => C:\program files (x86)\sonos\sonos.exe
FirewallRules: [TCP Query User{7A221A22-8A8D-4140-9606-39CC99A01605}C:\program files (x86)\sonos\sonos.exe] => C:\program files (x86)\sonos\sonos.exe
FirewallRules: [{A26F450C-21E8-4DF8-8B62-70CB5E7E4567}] => LPort=1900
FirewallRules: [{34CC79E2-F383-4D87-8818-547E8D7F0200}] => LPort=2869
FirewallRules: [{D2DE30F6-F42D-42E8-B0D2-219826D24BB4}] => LPort=1900
FirewallRules: [{2CF937F4-5179-463C-AAEE-1F112CC58FF4}] => LPort=2869
FirewallRules: [{3E60C3E3-7427-4A42-A9A8-AF7054B81E72}] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{1F0D96FB-7BEB-4845-9196-91D7E06FE233}] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{1CDE3F3E-E8DA-4ED0-8D19-D71C70B58D15}] => C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{5CCCE6DC-E887-4C7F-B150-29019F842CDF}] => C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{F91DF143-BBF6-4B90-B3A4-7FEA128BD50E}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{E7FF8417-CAFF-4360-8B34-DA3705F1E73A}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{3CA283B0-2D1B-413D-B14C-2580B98122D6}C:\program files (x86)\lucasarts\republic heroes\republic heroes.exe] => C:\program files (x86)\lucasarts\republic heroes\republic heroes.exe
FirewallRules: [UDP Query User{D3AC3942-8448-4305-97FE-331E2A7BC1C4}C:\program files (x86)\lucasarts\republic heroes\republic heroes.exe] => C:\program files (x86)\lucasarts\republic heroes\republic heroes.exe
FirewallRules: [{05D4D977-A8CC-4B50-9A90-756CF1B3AB2B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21F58B97-C510-47B5-BD53-239CE0F71F4B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4283E0B8-392A-4FB4-B295-106215253441}C:\program files\calibre2\calibre.exe] => C:\program files\calibre2\calibre.exe
FirewallRules: [UDP Query User{BF3696CE-3FA7-49E5-833A-4D86A657822D}C:\program files\calibre2\calibre.exe] => C:\program files\calibre2\calibre.exe
FirewallRules: [{FF63FAD8-D474-44A4-AA51-F58A42C00306}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DCC98276-F24F-448D-9EC9-620155D7A640}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{557627F4-27F5-49D6-9119-312F7D3128BE}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{64738188-1200-4C95-99BD-2C40DCB9EF65}] => C:\Program Files (x86)\Steam\SteamApps\common\Samorost 3\Samorost3.exe
FirewallRules: [{AF2E70D4-7865-4CBA-BD8B-7AD73130B938}] => C:\Program Files (x86)\Steam\SteamApps\common\Samorost 3\Samorost3.exe
FirewallRules: [{B32E2895-40E5-48D9-9186-86446853A75F}] => C:\Program Files (x86)\Steam\SteamApps\common\Samorost 2\Samorost2.exe
FirewallRules: [{3B668DD2-CADE-4143-A9CA-3AF1CDFE4C19}] => C:\Program Files (x86)\Steam\SteamApps\common\Samorost 2\Samorost2.exe
FirewallRules: [{ECE267E4-302C-42FB-B7E1-8AE558BA20BF}] => C:\Program Files (x86)\Steam\SteamApps\common\Machinarium\machinarium.exe
FirewallRules: [{0B884826-CB58-484E-AF4E-313A7A6CD39E}] => C:\Program Files (x86)\Steam\SteamApps\common\Machinarium\machinarium.exe
FirewallRules: [{4816642A-ADD8-4A47-A5CC-2A3122BB21CE}] => C:\Program Files (x86)\Steam\SteamApps\common\Botanicula\Botanicula.exe
FirewallRules: [{695EE251-1EB8-40B9-8AEB-88C571A80838}] => C:\Program Files (x86)\Steam\SteamApps\common\Botanicula\Botanicula.exe
FirewallRules: [{AEB41CB8-6BAB-4D98-883D-F9767B833EB5}] => C:\Program Files (x86)\Java\jre1.8.0_101\bin\java.exe
FirewallRules: [{5BFE816A-70B4-4D79-A040-59B116D149C8}] => C:\Program Files (x86)\Java\jre1.8.0_101\bin\java.exe
FirewallRules: [{57CD24E7-7BC5-48A0-9C88-57C46915E449}] => C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{830A058F-2F77-4DB3-9E7D-05F42BF255A0}] => C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpybotSearchDestroy2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpybotSearchDestroy2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpybotSearchDestroy2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

19-01-2017 21:16:22 Geplanter Prüfpunkt
21-01-2017 15:14:41 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/22/2017 12:28:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/22/2017 12:27:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/22/2017 12:27:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/21/2017 10:11:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/21/2017 10:11:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/21/2017 10:10:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Joerg\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/21/2017 10:10:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\users\joerg\desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/21/2017 10:10:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Joerg\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/21/2017 10:10:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Joerg\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (01/21/2017 10:09:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Joerg\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.


Systemfehler:
=============
Error: (01/21/2017 11:39:51 PM) (Source: DCOM) (EventID: 10010) (User: DELFINE)
Description: Der Server "{37998346-3765-45B1-8C66-AA88CA6B20B8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/21/2017 11:37:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: 
Unbekannter Fehler

Error: (01/21/2017 11:37:51 PM) (Source: DCOM) (EventID: 10010) (User: DELFINE)
Description: Der Server "{37998346-3765-45B1-8C66-AA88CA6B20B8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/21/2017 11:35:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: 
Unbekannter Fehler

Error: (01/21/2017 10:18:49 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/21/2017 10:15:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (01/21/2017 10:15:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (01/21/2017 10:15:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (01/21/2017 10:14:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (01/21/2017 10:14:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.


CodeIntegrity:
===================================
  Date: 2017-01-15 19:41:51.878
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.850
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.793
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.765
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.738
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.647
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 19:41:51.560
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 19%
Installierter physikalischer RAM: 16067.15 MB
Verfügbarer physikalischer RAM: 12928.17 MB
Summe virtueller Speicher: 32451.15 MB
Verfügbarer virtueller Speicher: 28744.64 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:214.14 GB) (Free:82.73 GB) NTFS
Drive e: () (Removable) (Total:59.61 GB) (Free:46.66 GB) FAT32
Drive x: (Volume) (Fixed) (Total:931.39 GB) (Free:418.82 GB) NTFS
Drive y: (Volume) (Fixed) (Total:931.39 GB) (Free:280.24 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 85B79A05)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 85B79A0A)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 2106B09D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=214.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 8 (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

Alt 23.01.2017, 15:22   #8
M-K-D-B
/// TB-Ausbilder
 
Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 - Standard

Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034



Servus,


am Besten wäre es, wenn du alle Backups unter
Y:\DELFINE\
selbst (per Hand) löscht und neue anlegst.







Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Unlock: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions
CMD: reg delete "HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions" /v {4D2D3B0F-69BE-477A-90F5-FDDB05357975} /f
Reboot:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!









Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Cleanup:
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.





Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
[/url] Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.




Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
 

Microsoft Security Essentials (MSE) / Windows Defender (WD) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE/WD entschieden hast, brauchst du nicht extra MSE/WD zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.




Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.




Optional:
Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .




Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.




Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 23.01.2017, 19:39   #9
laocoon
 
Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 - Standard

Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034



Hallo Matthias,

anbei die Fixlog.txt (ich gebe nachher noch Rückinfo):

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-01-2017
durchgeführt von Joerg (23-01-2017 19:33:07) Run:2
Gestartet von C:\Users\Joerg\Desktop
Geladene Profile: Joerg & Mcx1-DELFINE & Leo & DefaultAppPool (Verfügbare Profile: Joerg & Mcx1-DELFINE & Leo & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Unlock: HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions
CMD: reg delete "HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions" /v {4D2D3B0F-69BE-477A-90F5-FDDB05357975} /f
Reboot:
end
         
*****************

Prozesse erfolgreich geschlossen.
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions" => Schlüssel wurde entsperrt

========= reg delete "HKU\S-1-5-21-1412286257-1942420214-3619319362-1000\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions" /v {4D2D3B0F-69BE-477A-90F5-FDDB05357975} /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========



Das System musste neu gestartet werden.

==== Ende von Fixlog 19:33:08 ====
         

Alt 23.01.2017, 20:49   #10
M-K-D-B
/// TB-Ausbilder
 
Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 - Standard

Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034



ok, ich warte auf die Rückinfo.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 26.01.2017, 16:24   #11
M-K-D-B
/// TB-Ausbilder
 
Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 - Standard

Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034



Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Antwort

Themen zu Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034
administrator, antivirus, avira, beseitigung, computer, defender, ebay, entfernen, explorer, failed, firefox, flash player, frage, helper, home, homepage, mozilla, prozesse, registry, safer networking, scan, services.exe, software, symantec, system, trojaner, windows, windows 10



Ähnliche Themen: Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034


  1. Variante von Win32/GenKryptik.QBJ, .QAZ, TR/Crypt.Xpack.izblr, TR/Crypt.ZPACK.rekjz und andere :(
    Log-Analyse und Auswertung - 05.01.2017 (2)
  2. weiterer PC - TR/Crypt.ZPACK.opknz
    Log-Analyse und Auswertung - 02.10.2016 (9)
  3. TR/Crypt.ZPAck.opknz
    Log-Analyse und Auswertung - 24.09.2016 (39)
  4. TR/Crypt.ZPACK.*, TR.Crypt.XPACK.*, nicht gefundene AdWare
    Log-Analyse und Auswertung - 12.11.2015 (10)
  5. avira findet : tr/crypt.zpack.36522 ,tr/crypt.xpack.gen ,adware/installcore.gen
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (4)
  6. AntiVir hat folgede Viren gefunden: TR/Crypt.ZPACK.Gen2' & 'TR/Crypt.XPACK.Gen5' [trojan
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (33)
  7. TR/Crypt.XPACK.Gen5, TR/Crypt.ZPACK.Gen2, TR/Fake.Rean.3394, TR/PSW.Fareit.A.64
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (30)
  8. TR/Crypt.XPACK.Gen und TR/Crypt.ZPACK.Gen2 gefunden PC extrem langsam
    Log-Analyse und Auswertung - 19.10.2011 (8)
  9. TR/Crypt.ZPACK.Gen Trojaner TR/Dropper.Gen gefunden - was tun?
    Plagegeister aller Art und deren Bekämpfung - 18.03.2011 (14)
  10. Kurze Fragen zu TR/Crypt.XPACK.Gen + TR/Crypt.ZPACK.Gen + Avira Scan
    Plagegeister aller Art und deren Bekämpfung - 02.12.2010 (3)
  11. W32/Induc.A, TR/Dropper.Gen, TR/Crypt.ZPACK.Gen, TR/Crypt.XPACK.Gen3 gefunden - wie entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  12. TR/dldr.swizzor.gen2, TR/crypt.xpack.gen, TR/crypt.zpack.gen unter Windows XP
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (15)
  13. TR/Dropper.Gen - TR/Crypt.ZPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 26.02.2010 (3)
  14. Security Tool - TR/Dropper.Gen - TR/Crypt.ZPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 02.02.2010 (14)
  15. 3 Trojaner: TR/FraudPack.240128 TR/Crypt.XPACK.Gen TR/Crypt.ZPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 10.01.2010 (1)
  16. Computer infiziert: Crypt.ZPACK.Gen, Vundo.Gen (3mal), Crypt.ZPACK.Gen, Alureon.CZ
    Log-Analyse und Auswertung - 25.12.2009 (11)
  17. Bitte um Hilfe bei:TR/Dropper.Gen + TR/Crypt.ZPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 30.03.2009 (30)

Zum Thema Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 - Hallo liebes Forum, Avira Free Antivirus (Produktversion 15.0.24.146, 06.12.2016) hat -soweit ich das überblicke- diese 5 Trojaner gemeldet: TR/Crypt.ZPACK.opknz TR/Crypt.ZPACK.gezb TR/Crypt.Xpack.400358 TR/Dropper.A.40051 TR/Dropper.A.40034 Lt. Avira-Logfile befinden sich diese wohl innerhalb - Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034...
Archiv
Du betrachtest: Windows10: Trojanerfunde TR/Crypt.ZPACK.opknz + TR/Crypt.ZPACK.gezb + TR/Crypt.Xpack.400358 + TR/Dropper.A.40051 + TR/Dropper.A.40034 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.