
Log analysis and evaluation: Trojan suspected, Win10 64bit

11.09.2017, 19:51   #16
M-K-D-B
/// TB instructor

Hi,

we'll remove a few more things and then check everything once again.

Note: The ESET scan can take a while.

Step 1
  • Copy the contents of the following code box:
    Code:
    Start::
    CloseProcesses:
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
    C:\Program Files (x86)\Applian Technologies
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3g2
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3ga
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3gp
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3gp2
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3gpp
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.669
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.a52
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aac
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ac3
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.adt
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.adts
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aif
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aifc
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aiff
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.amr
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.amv
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aob
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ape
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.asf
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.asx
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.au
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.avi
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.b4s
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.bin
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.caf
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.cda
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.cue
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.divx
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.drc
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.dts
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.dv
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.f4v
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.flac
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.flv
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.gvi
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.gxf
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ifo
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.it
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m1v
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m2t
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m2ts
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m2v
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m3u
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m3u8
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m4a
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m4p
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m4v
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mid
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mka
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mkv
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mlp
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mod
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mov
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp1
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp2
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp2v
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp3
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp4
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp4v
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpa
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpc
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpe
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpeg
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpeg1
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpeg2
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpeg4
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpg
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpga
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpv2
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mts
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mtv
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mxf
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.nsv
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.nuv
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.oga
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ogg
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ogm
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ogv
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ogx
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.oma
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.opus
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.pls
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.qcp
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ra
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ram
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.rec
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.rm
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.rmi
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.rmvb
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.s3m
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.sdp
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.snd
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.spx
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.tod
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ts
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.tta
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.tts
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.vlc
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.vob
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.voc
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.vqf
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.vro
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.w64
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wav
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.webm
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wma
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wmv
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wv
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wvx
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.xa
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.xesc
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.xm
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.xspf
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\amp.exe
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithApplianMP
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\PlayWithApplianMP
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\ApplianMP
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayCDAudioOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayDVDAudioOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayDVDMovieOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayMusicFilesOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlaySVCDMovieOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayVCDMovieOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayVideoFilesOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Applian Technologies
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Clients\Media\ApplianMP
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayCDAudioOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayDVDAudioOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayDVDMovieOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayMusicFilesOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlaySVCDMovieOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayVCDMovieOnArrival
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayVideoFilesOnArrival
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications|FLV and Media Player
    CustomCLSID: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002_Classes\CLSID\{784D0A2D-A305-4E18-3208-A1915D75B970}\InprocServer32 -> kein Dateipfad
    CustomCLSID: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6F9128BD414A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Keine Datei
    CustomCLSID: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Gena_2\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => Keine Datei
    CustomCLSID: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Gena_2\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => Keine Datei
    CustomCLSID: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Gena_2\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => Keine Datei
    EmptyTemp:
    End::
             
  • Now start FRST and click the Entfernen (Fix) button.
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory as FRST/FRST64.exe.
  • Your computer may have to be restarted for this.
  • Post the contents of fixlog.txt with your next reply.





Step 2
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark at
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file to your desktop.
  • Close HitmanPro and post the log.

 







Step 3
Please download ESET Online Scanner (illustrated guide)
  • Start the installation file.
  • Accept the terms of use.
  • Select Enable detection of potentially unwanted applications and click Scan.
  • First the required signatures are downloaded, then ESET starts the scan automatically.
  • At the end of the scan, any items found are listed.
  • Select Save to text file... and save the file as eset.txt on your desktop.
  • Add the contents of eset.txt to your next reply.
  • If ESET finds nothing, no log file can be created either. In that case, be sure to let us know.
  • Close the ESET Online Scanner at the top right [ X ] and then click Close.





Step 4
  • Start FRST.exe again. Make sure the box in front of Addition.txt is checked and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.







Are there still any problems with the PC? Do folders or windows still open? If so, which ones?







With your next reply, please post
  • the log file of the FRST fix,
  • the log file from HitmanPro,
  • the log file from ESET,
  • the two new log files from FRST,
  • the answers to the questions asked.

11.09.2017, 20:33   #17
Gewin

Hi,

folders and windows are opening; a screenshot is attached as well

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-09-2017
durchgeführt von *************** (11-09-2017 21:17:07) Run:2
Gestartet von C:\Users\Gena_2\Downloads
Geladene Profile: *************** & Gena_2 (Verfügbare Profile: *************** & Gena_2 & Lilia & Gast & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Task: {01267627-A5D2-44DE-B56B-A85703097784} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {1395D612-2190-44B0-A672-C8420DF26B86} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {26022CA4-A54C-4B08-8BCB-416A4A669B2F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {52AA9BF9-EC9D-4F59-BF25-8F9F64E91635} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {73F37D5B-1887-430D-8AF3-4A8C48517A73} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {835D682E-AF26-4F49-A80B-1F370544DDA3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {88FEE2BE-9F38-4350-8652-A605E311C0E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {90983A60-D055-4DEB-A400-D7A6127FE537} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {9DC13746-7A1F-4F11-8EE1-6A96FCDEB4E8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {AB54D929-72E4-4012-B905-9F022AAC3B22} - \Lenovo\Lenovo Service Bridge\S-1-5-21-4288807228-2172792055-1580508024-1002 -> Keine Datei <==== ACHTUNG
Task: {EE06876A-F8FF-493F-9DBD-3B2C43B72CF0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {F2F9BE46-A019-4347-A469-CECFC7E691EC} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {F64242DF-4744-4098-BF1E-6CD406336300} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:

*****************

Prozesse erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01267627-A5D2-44DE-B56B-A85703097784} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1395D612-2190-44B0-A672-C8420DF26B86} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26022CA4-A54C-4B08-8BCB-416A4A669B2F} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52AA9BF9-EC9D-4F59-BF25-8F9F64E91635} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73F37D5B-1887-430D-8AF3-4A8C48517A73} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{835D682E-AF26-4F49-A80B-1F370544DDA3} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88FEE2BE-9F38-4350-8652-A605E311C0E7} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90983A60-D055-4DEB-A400-D7A6127FE537} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DC13746-7A1F-4F11-8EE1-6A96FCDEB4E8} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB54D929-72E4-4012-B905-9F022AAC3B22} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-4288807228-2172792055-1580508024-1002 => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE06876A-F8FF-493F-9DBD-3B2C43B72CF0} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2F9BE46-A019-4347-A469-CECFC7E691EC} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F64242DF-4744-4098-BF1E-6CD406336300} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel nicht gefunden. 

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflosungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zuruckgesetzt.
Sie mussen den Computer neu starten, um den Vorgang abzuschlie?en.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 308208 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 203785272 B
Edge => 24102 B
Chrome => 265216 B
Firefox => 97726247 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 2560 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 38334 B
NetworkService => 20320 B
genas_000 => 2887241173 B
Gena_2 => 346096991 B
Lilia => 30716021 B
Gast => 6112 B
DefaultAppPool => 2560 B

RecycleBin => 11282824 B
EmptyTemp: => 3.3 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 21:18:03 ====
         
Thumbnails of attached images
Trojaner Verdacht, Win10 64bit-fenster.jpg


11.09.2017, 20:39   #18
M-K-D-B
/// TB instructor

Hi,


that is the wrong FRST fix.

Don't answer the questions until you have done everything.

11.09.2017, 21:34   #19
Gewin

Code:
HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : BIGCOM
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : BigCom\***************
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-09-11 21:49:04
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 53s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 3

   Objects scanned . . . : 2.869.011
   Files scanned . . . . : 76.288
   Remnants scanned  . . : 808.779 files / 1.983.944 keys

Suspicious files ____________________________________________________________

   C:\Users\Gena_2\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.396.672 bytes
      Age  . . . . . . . : 1.3 days (2017-09-10 14:58:30)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C15873C7B7050C2799C7461F43662BC7AF14282D6D8D2E7C79475D8D0D92DED6
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -4.0s C:\Windows\Prefetch\CONSENT.EXE-1A8D0661.pf
         -0.5s C:\Users\genas_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -0.5s C:\Users\genas_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -0.3s C:\Users\genas_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
         -0.3s C:\Users\genas_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
          0.0s C:\Users\Gena_2\Downloads\FRST-OlderVersion\FRST64.exe
          0.9s C:\Windows\Prefetch\DLLHOST.EXE-6FC4F289.pf
          1.0s C:\Users\Gena_2\Downloads\FRST-OlderVersion\
          6.3s C:\Windows\Prefetch\FRST64.EXE-CEEB821C.pf
          6.9s C:\Windows\Prefetch\DLLHOST.EXE-5B56DEB8.pf

   C:\Users\Gena_2\Downloads\FRST64.exe
      Size . . . . . . . : 2.397.184 bytes
      Age  . . . . . . . : 0.0 days (2017-09-11 21:16:42)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CA0DC6D4430345DBC2BFB6BE459003280D9565BEBFE6FBBD7D4C524241946AD9
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\genas_000\Downloads\FRST64.exe
      Size . . . . . . . : 2.395.648 bytes
      Age  . . . . . . . : 3.0 days (2017-09-08 21:29:44)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3A0DD3CC5A3AF8F77E2DFE27765BFC712CEF4536CCC3C6B27A9C5A790A3CAE0B
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         
Quote:
Quote from M-K-D-B
Hi,


that is the wrong FRST fix.

Don't answer the questions until you have done everything.

only this one Fixlog was created; I ran it twice

yesterday the program created two logs: Fixlog.txt and fixlog.txt

12.09.2017, 13:33   #20
M-K-D-B
/// TB instructor

Hi,


you do have to copy what is in this code box.

You repeated an old fix.
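
The mix-up in this exchange (a Fixlog whose echoed fixlist is not the fixlist that was handed out) can be checked mechanically before a log is posted. The following Python code is an added example, not part of any post in this thread and not part of FRST; the function names are hypothetical, the two sample strings are shortened copies of the fixlist from post #16 and the Fixlog from post #17, and it assumes the echoed fixlist sits between two asterisk-only lines, as in the logs on this page.

```python
import re

# Constructed sample: shortened copy of the fixlist handed out in post #16.
INTENDED_FIXLIST = r"""
Start::
CloseProcesses:
C:\Program Files (x86)\Applian Technologies
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\ApplianMP
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications|FLV and Media Player
EmptyTemp:
End::
"""

# Constructed sample: shortened copy of the Fixlog posted in reply #17.
POSTED_FIXLOG = r"""
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-09-2017
durchgeführt von *************** (11-09-2017 21:17:07) Run:2
Gestartet von C:\Users\Gena_2\Downloads
==============================================

fixlist Inhalt:
*****************

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:

*****************

Prozesse erfolgreich geschlossen.
"""


def fixlist_directives(fixlist_text):
    """Directive lines of a fixlist, taken between Start:: and End:: if present."""
    lines = [ln.strip() for ln in fixlist_text.splitlines()]
    if "Start::" in lines:
        lines = lines[lines.index("Start::") + 1:]
    if "End::" in lines:
        lines = lines[:lines.index("End::")]
    return [ln for ln in lines if ln]


def fixlog_directives(fixlog_text):
    """Directives the Fixlog echoes back between its two asterisk-only rulers.

    Header lines that merely contain a masked user name ("von *****...") are
    not rulers, because only lines consisting solely of asterisks count.
    """
    lines = [ln.strip() for ln in fixlog_text.splitlines()]
    rulers = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln)]
    if len(rulers) < 2:
        raise ValueError("no complete echoed fixlist section in this Fixlog")
    return [ln for ln in lines[rulers[0] + 1:rulers[1]] if ln]


def run_number(fixlog_text):
    """Run counter printed in the Fixlog header (e.g. Run:2), or None."""
    m = re.search(r"\bRun:(\d+)", fixlog_text)
    return int(m.group(1)) if m else None


def compare(fixlist_text, fixlog_text):
    """Compare the fixlist that was handed out with the one the Fixlog shows."""
    wanted = fixlist_directives(fixlist_text)
    ran = fixlog_directives(fixlog_text)
    return {
        "match": wanted == ran,
        # handed out, but never executed according to this Fixlog
        "missing": [d for d in wanted if d not in ran],
        # executed, but not part of the fixlist that was handed out
        "unexpected": [d for d in ran if d not in wanted],
        "run": run_number(fixlog_text),
    }


if __name__ == "__main__":
    result = compare(INTENDED_FIXLIST, POSTED_FIXLOG)
    print("Fixlog run:", result["run"])
    print("Fixlog belongs to this fixlist:", result["match"])
    for d in result["missing"]:
        print("  not executed:", d)
    for d in result["unexpected"]:
        print("  from another fixlist:", d)
```

A Fixlog that was cut off before the second asterisk line raises `ValueError` rather than being compared against a partial list.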


12.09.2017, 17:46   #21
Gewin

Hi,

yes, I'm doing exactly what you described: copy the code, start the program and remove. At the end a message appears: "The computer will be restarted and the fixlog will be saved in the same program directory."

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-09-2017 02
durchgeführt von *************** (12-09-2017 18:35:51) Run:6
Gestartet von C:\Users\Gena_2\Desktop
Geladene Profile: *************** & Gena_2 (Verfügbare Profile: *************** & Gena_2 & Lilia & Gast & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************

CloseProcesses:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
C:\Program Files (x86)\Applian Technologies
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3g2
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3ga
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3gp
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3gp2
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3gpp
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.669
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.a52
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aac
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ac3
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.adt
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.adts
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aif
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aifc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aiff
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.amr
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.amv
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aob
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ape
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.asf
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.asx
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.au
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.avi
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.b4s
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.bin
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.caf
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.cda
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.cue
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.divx
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.drc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.dts
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.dv
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.f4v
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.flac
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.flv
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.gvi
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.gxf
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ifo
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.it
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m1v
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m2t
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m2ts
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m2v
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m3u
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m3u8
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m4a
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m4p
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m4v
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mid
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mka
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mkv
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mlp
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mod
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mov
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp2
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp2v
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp3
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp4
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp4v
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpa
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpeg
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpeg1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpeg2
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpeg4
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpg
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpga
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpv2
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mts
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mtv
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mxf
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.nsv
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.nuv
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.oga
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ogg
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ogm
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ogv
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ogx
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.oma
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.opus
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.pls
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.qcp
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ra
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ram
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.rec
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.rm
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.rmi
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.rmvb
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.s3m
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.sdp
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.snd
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.spx
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.tod
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ts
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.tta
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.tts
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.vlc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.vob
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.voc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.vqf
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.vro
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.w64
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wav
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.webm
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wma
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wmv
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wv
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wvx
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.xa
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.xesc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.xm
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.xspf
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\amp.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithApplianMP
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\PlayWithApplianMP
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\ApplianMP
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayCDAudioOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayDVDAudioOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayDVDMovieOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayMusicFilesOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlaySVCDMovieOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayVCDMovieOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayVideoFilesOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Applian Technologies
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Clients\Media\ApplianMP
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayCDAudioOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayDVDAudioOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayDVDMovieOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayMusicFilesOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlaySVCDMovieOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayVCDMovieOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayVideoFilesOnArrival
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications|FLV and Media Player
CustomCLSID: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002_Classes\CLSID\{784D0A2D-A305-4E18-3208-A1915D75B970}\InprocServer32 -> kein Dateipfad
CustomCLSID: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6F9128BD414A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Gena_2\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Gena_2\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Gena_2\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => Keine Datei
EmptyTemp:

*****************

Prozesse erfolgreich geschlossen.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies" => nicht gefunden.
"C:\Program Files (x86)\Applian Technologies" => nicht gefunden.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3g2 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3ga => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3gp => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3gp2 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.3gpp => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.669 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.a52 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aac => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ac3 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.adt => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.adts => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aif => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aifc => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aiff => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.amr => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.amv => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.aob => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ape => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.asf => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.asx => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.au => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.avi => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.b4s => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.bin => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.caf => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.cda => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.cue => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.divx => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.drc => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.dts => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.dv => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.f4v => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.flac => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.flv => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.gvi => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.gxf => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ifo => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.it => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m1v => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m2t => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m2ts => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m2v => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m3u => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m3u8 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m4a => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m4p => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.m4v => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mid => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mka => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mkv => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mlp => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mod => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mov => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp1 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp2 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp2v => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp3 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp4 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mp4v => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpa => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpc => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpe => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpeg => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpeg1 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpeg2 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpeg4 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpg => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpga => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mpv2 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mts => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mtv => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.mxf => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.nsv => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.nuv => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.oga => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ogg => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ogm => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ogv => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ogx => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.oma => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.opus => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.pls => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.qcp => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ra => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ram => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.rec => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.rm => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.rmi => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.rmvb => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.s3m => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.sdp => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.snd => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.spx => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.tod => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.ts => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.tta => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.tts => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.vlc => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.vob => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.voc => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.vqf => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.vro => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.w64 => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wav => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.webm => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wma => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wmv => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wv => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.wvx => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.xa => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.xesc => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.xm => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ApplianMP.xspf => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\amp.exe => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithApplianMP => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\PlayWithApplianMP => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\ApplianMP => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayCDAudioOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayDVDAudioOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayDVDMovieOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayMusicFilesOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlaySVCDMovieOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayVCDMovieOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayVideoFilesOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Applian Technologies => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Clients\Media\ApplianMP => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayCDAudioOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayDVDAudioOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayDVDMovieOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayMusicFilesOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlaySVCDMovieOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayVCDMovieOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ApplianMPPlayVideoFilesOnArrival => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications\\FLV and Media Player => Wert nicht gefunden.
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002_Classes\CLSID\{784D0A2D-A305-4E18-3208-A1915D75B970} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6F9128BD414A} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => Schlüssel nicht gefunden. 

=========== EmptyTemp: ==========

BITS transfer queue => 291972 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 0 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 21038 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 818 B
NetworkService => 0 B
genas_000 => 8836 B
Gena_2 => 4206178 B
Lilia => 0 B
Gast => 0 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 4.3 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 18:38:14 ====
         
Code:
C:\Users\genas_000\Downloads\FreeSoundRecorder.exe	Mehrere Bedrohungen,Win32/Tsingsoft.A eventuell unerwunschte Anwendung,Win32/Adware.Agent.NQE Anwendung,Variante von Win32/BundleLoader.C eventuell unerwunschte Anwendung	
D:\Bank\dkb-cashback_ie_ff_ch.exe	Win32/Toolbar.CrossRider.B eventuell unerwunschte Anwendung,Win32/Packed.ScrambleWrapper.B eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\chrome\content\platformVersion.js	JS/Toolbar.Crossrider.AM eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\delegate.js	JS/Toolbar.Crossrider.AS eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\extensionDataStore.js	JS/Toolbar.Crossrider.AD eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\xhr.js	JS/Toolbar.Crossrider.G eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\13_CrossriderAppUtils.js	JS/Toolbar.Crossrider.AE eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\14_CrossriderUtils.js	JS/Toolbar.Crossrider.O eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\17_jQuery.js	JS/Toolbar.Crossrider.AL eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\182_openUrl.js	JS/Toolbar.Crossrider.AW eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\183_tabsWrapper.js	JS/Toolbar.Crossrider.AA eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\1_base.js	JS/Toolbar.Crossrider.F eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\22_resources.js	JS/Toolbar.Crossrider.AG eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\28_initializer.js	JS/Toolbar.Crossrider.F eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\47_resources_background.js	JS/Toolbar.Crossrider.M eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\64_appApiMessage.js	JS/Toolbar.Crossrider.P eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\72_appApiValidation.js	JS/Toolbar.Crossrider.AX eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\78_CrossriderInfo.js	JS/Toolbar.Crossrider.AB eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\7_hooks.js	JS/Toolbar.Crossrider.U eventuell unerwunschte Anwendung	
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\9_search_engine_hook.js	JS/Toolbar.Crossrider.Y eventuell unerwunschte Anwendung
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017 02
durchgeführt von *************** (Administrator) auf BIGCOM (12-09-2017 18:45:05)
Gestartet von C:\Users\Gena_2\Desktop
Geladene Profile: *************** & Gena_2 (Verfügbare Profile: *************** & Gena_2 & Lilia & Gast & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
() C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_151.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_151.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-05-16] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15792112 2014-02-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [101360 2014-02-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [USB Safely Remove] => "C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe" /startup
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37248 2012-10-12] (MKS Software Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1562304 2017-05-10] (Seagate Technology LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [442856 2017-06-08] (G DATA Software AG)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4295360 2016-06-09] (Disc Soft Ltd)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-05-18] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\Run: [SurfEasy] => C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe startup
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [142568 2017-05-10] (Seagate Technology LLC)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\MountPoints2: {50b30d4b-8405-11e6-bf7b-fcf8ae9ac78d} - "E:\run.exe" 
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\MountPoints2: {cba4bbd6-565a-11e6-bf56-fcf8ae9ac78d} - "J:\HPLauncher.exe" 
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2352832 2016-06-09] (Disc Soft Ltd)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [763416 2017-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [142568 2017-05-10] (Seagate Technology LLC)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4295360 2016-06-09] (Disc Soft Ltd)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [Polar Sync] => *:\program files\polar\polar sync\********************************************************************************************************************************************************************** (Der Dateneintrag hat 59 mehr Zeichen).
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\MountPoints2: {be3b4032-83bd-11e6-bf7a-fcf8ae9ac78d} - "I:\start-win.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-05-18] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2014-02-11]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk [2014-02-11]
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Startup: C:\Users\Gena_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2017-08-13] ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2be6f6e2-00a5-4ce8-95ef-87a8efc7ebb5}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3a45b7cf-7020-4447-8c63-994d33d62839}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x419
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x419
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U280DF&PC=U280&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002 -> {26B3CAA3-DAC0-4C35-B5A8-06D7ABF7F9C4} URL = 
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003 -> {26B3CAA3-DAC0-4C35-B5A8-06D7ABF7F9C4} URL = 
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-19] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-12-15] (DVDVideoSoft Ltd.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: IE 4.x-6.x BHO for Download Master -> {9961627E-4059-41B4-8E0E-A7D6B3854ADF} -> C:\Program Files (x86)\Download Master\dmiehlp.dll [2014-12-29] (WestByte)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2016-01-19] (DVDVideoSoft Ltd.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-19] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\genas_000\AppData\Roaming\Mozilla\Firefox\Profiles\30yofb6a.default-1460833065739 [2017-09-12]
FF Extension: (SaveFrom.net helper) - C:\Users\genas_000\AppData\Roaming\Mozilla\Firefox\Profiles\30yofb6a.default-1460833065739\Extensions\helper-sig@savefrom.net.xpi [2017-09-12]
FF Extension: (Click-to-Play staged rollout) - C:\Users\genas_000\AppData\Roaming\Mozilla\Firefox\Profiles\30yofb6a.default-1460833065739\features\{3b71e2d0-2414-4604-aeec-9fdae4345e95}\clicktoplay-rollout@mozilla.org.xpi [2017-09-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-08-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-27] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-27] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\CanonBJ\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)

Chrome: 
=======
CHR HomePage: Default -> bing.com/?pc=__PARAM__
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default [2017-09-11]
CHR Extension: (Google Präsentationen) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-12]
CHR Extension: (Google Docs) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-12]
CHR Extension: (Google Drive) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-12]
CHR Extension: (YouTube) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-12]
CHR Extension: (Adobe Acrobat) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-12]
CHR Extension: (Google Tabellen) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-12]
CHR Extension: (Google Docs Offline) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-12]
CHR Extension: (Skype) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-01-12]
CHR Extension: (Bing) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2017-01-12]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-12]
CHR Extension: (PlayMemories Camera Apps Downloader) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlghnkgcadghcdodlcjfhogekonhdei [2017-01-12]
CHR Extension: (Google Mail) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-12]
CHR Extension: (Chrome Media Router) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-12]
CHR HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-07-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [5017224 2017-06-23] (G DATA Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3328112 2017-06-08] (G Data Software AG)
S2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-04-17] (Nuance Communications, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2017-07-06] () [Datei ist nicht signiert]
S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1458368 2016-06-09] (Disc Soft Ltd)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1093136 2017-05-18] (Garmin Ltd. or its subsidiaries)
S3 GDBackupSvc; C:\Program Files (x86)\G Data\InternetSecurity\AVKBackup\AVKBackupService.exe [3997160 2017-06-23] (G DATA Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3419552 2017-06-08] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [884328 2017-06-08] (G DATA Software AG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-09] (Intel Corporation)
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-08-16] () [Datei ist nicht signiert]
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-09] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NuTCRACKERService; C:\WINDOWS\system32\nutsrv4.exe [574776 2012-10-12] (MKS Software Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16120 2017-05-10] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143560 2017-05-10] (Seagate Technology LLC)
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [35272 2016-05-04] (SHAREit Technologies Co.Ltd)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 SurfEasyVPN; C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe [1663368 2017-03-14] ()
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23928 2017-08-16] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 dcrypt; C:\WINDOWS\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-26] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-09-26] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.)
R0 GDBehave; C:\WINDOWS\System32\drivers\GDBehave.sys [200728 2017-08-13] (G Data Software AG)
R3 gddcd; C:\WINDOWS\System32\drivers\gddcd64.sys [79872 2015-03-23] (G Data Software AG)
R1 gddcv; C:\WINDOWS\System32\drivers\gddcv64.sys [59904 2015-03-23] (G Data Software AG)
S0 GDElam; C:\WINDOWS\System32\DRIVERS\GDElam.sys [117904 2017-02-20] (G Data Software AG)
R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [46104 2017-08-13] (G Data Software AG)
R3 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [38984 2017-08-13] (G DATA Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [309784 2017-08-13] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [162328 2017-08-13] (G Data Software AG)
R1 gdwfpcd; C:\WINDOWS\System32\drivers\gdwfpcd64.sys [86584 2017-08-13] (G DATA Software AG)
S3 GRD; C:\WINDOWS\system32\drivers\GRD.sys [125640 2017-09-10] (G Data Software)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [157720 2017-08-13] (G Data Software AG)
S3 hwusb_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_cdcacm.sys [121728 2013-12-10] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\WINDOWS\system32\DRIVERS\ew_wwanecm.sys [376704 2013-12-10] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-04-15] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-08] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-10] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-10] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-10] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
S3 MosIrUsb; C:\WINDOWS\System32\drivers\MosIrUsb.sys [27648 2007-10-11] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_e512e33140587627\nvlddmkm.sys [14841784 2017-04-03] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [759552 2015-09-21] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8243528 2013-05-16] (Realtek Semiconductor Corp.)
S3 SD11CL64; C:\WINDOWS\system32\DRIVERS\SD11CL64.sys [96512 2011-01-24] (SCM Microsystems Inc.)
S3 SDI01164; C:\WINDOWS\system32\DRIVERS\SDI01164.SYS [75904 2011-01-24] (SCM Microsystems Inc.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-03-21] (Anchorfree Inc.)
R0 TS4NT; C:\WINDOWS\System32\Drivers\TS4nt.sys [98760 2015-03-23] (G Data Software)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2017-09-12] ()
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U3 dmwappushsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-12 18:45 - 2017-09-12 18:45 - 000041613 _____ C:\Users\Gena_2\Desktop\FRST.txt
2017-09-12 18:38 - 2017-09-12 18:38 - 000094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2017-09-12 18:32 - 2017-09-12 18:35 - 002397184 _____ (Farbar) C:\Users\Gena_2\Desktop\FRST64.exe
2017-09-12 18:27 - 2017-09-12 18:38 - 000025113 _____ C:\Users\Gena_2\Desktop\Fixlog.txt
2017-09-12 18:26 - 2017-09-12 18:26 - 000000000 ____D C:\Users\Gena_2\Desktop\FRST-OlderVersion
2017-09-12 18:24 - 2017-09-12 18:38 - 000000022 _____ C:\WINDOWS\S.dirmngr
2017-09-12 18:22 - 2017-09-12 18:23 - 000003927 _____ C:\Users\Gena_2\Documents\eset_1.txt
2017-09-12 18:21 - 2017-09-12 18:21 - 000007856 _____ C:\Users\genas_000\Documents\eset_1.txt
2017-09-12 18:20 - 2017-09-12 18:21 - 000007856 _____ C:\Users\genas_000\Desktop\eset_1.txt
2017-09-12 17:34 - 2017-09-12 17:34 - 000000279 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2017-09-12 17:34 - 2017-09-12 17:34 - 000000000 ____D C:\WINDOWS\SysWOW64\%LOCALAPPDATA%
2017-09-12 05:07 - 2017-09-12 18:39 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-09-12 05:05 - 2017-09-12 18:20 - 000003927 _____ C:\Users\Gena_2\Desktop\eset.txt
2017-09-12 05:03 - 2017-09-12 18:18 - 000007856 _____ C:\Users\genas_000\Desktop\eset.txt
2017-09-11 22:36 - 2017-09-11 22:36 - 000000000 ____D C:\Users\genas_000\AppData\Local\ESET
2017-09-11 22:35 - 2017-09-11 22:35 - 006760064 _____ (ESET spol. s r.o.) C:\Users\Gena_2\Downloads\esetonlinescanner_deu.exe
2017-09-11 22:19 - 2017-09-11 22:37 - 000025126 _____ C:\Users\Gena_2\Downloads\Fixlog.txt
2017-09-11 21:45 - 2017-09-12 05:08 - 006760064 _____ (ESET spol. s r.o.) C:\Users\Gena_2\Desktop\esetonlinescanner_deu.exe
2017-09-11 21:39 - 2017-09-11 21:39 - 000000000 ____D C:\Program Files\HitmanPro
2017-09-11 21:38 - 2017-09-11 21:45 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-11 21:37 - 2017-09-11 21:38 - 011584088 _____ (SurfRight B.V.) C:\Users\Gena_2\Desktop\HitmanPro_x64.exe
2017-09-10 22:21 - 2017-09-10 22:21 - 000000000 ____D C:\Users\Gena_2\Downloads\TB
2017-09-10 15:38 - 2017-09-10 15:38 - 007091575 _____ C:\Users\Gena_2\Downloads\Локхарт Джош - Современный PHP.pdf
2017-09-10 15:37 - 2017-09-10 15:37 - 003311064 _____ (BitTorrent Inc.) C:\Users\Gena_2\Downloads\BitTorrent.exe
2017-09-10 15:30 - 2017-09-10 15:30 - 000000020 _____ C:\Users\Gena_2\Downloads\pass.txt
2017-09-10 15:16 - 2017-09-10 15:16 - 000277555 _____ C:\Users\Gena_2\Downloads\Specialist.ru_94_in_1.torrent
2017-09-10 15:15 - 2017-09-10 15:32 - 2097152000 _____ C:\Users\Gena_2\Downloads\Python_Jango.part2.rar
2017-09-10 15:15 - 2017-09-10 15:22 - 511922197 _____ C:\Users\Gena_2\Downloads\Python_Jango.part3.rar
2017-09-10 15:14 - 2017-09-10 15:30 - 2097152000 _____ C:\Users\Gena_2\Downloads\Python_Jango.part1.rar
2017-09-10 14:58 - 2017-09-11 21:16 - 000000000 ____D C:\Users\Gena_2\Downloads\FRST-OlderVersion
2017-09-10 14:32 - 2017-09-10 14:37 - 000000000 ____D C:\AdwCleaner
2017-09-10 14:29 - 2017-09-10 14:32 - 008182736 _____ (Malwarebytes) C:\Users\Gena_2\Downloads\adwcleaner_7.0.2.1.exe
2017-09-09 23:01 - 2017-09-09 23:04 - 390343134 _____ C:\Users\Gena_2\Downloads\2012_[www.youryoga.org].AVI
2017-09-09 21:57 - 2017-09-09 22:03 - 000130884 _____ C:\TDSSKiller.3.1.0.15_09.09.2017_21.57.24_log.txt
2017-09-09 21:54 - 2017-09-09 21:57 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Gena_2\Downloads\tdsskiller.exe
2017-09-09 21:45 - 2017-09-10 22:33 - 000071031 _____ C:\Users\Gena_2\Downloads\Addition.txt
2017-09-08 23:26 - 2017-09-08 23:26 - 000000000 ____D C:\Users\Gena_2\Desktop\txt
2017-09-08 22:11 - 2017-09-08 22:11 - 000001456 _____ C:\Users\Gena_2\Desktop\Start Tor Browser.lnk
2017-09-08 21:56 - 2017-09-10 21:55 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-08 21:56 - 2017-09-10 14:51 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-08 21:56 - 2017-09-10 14:51 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-08 21:56 - 2017-09-10 14:51 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-08 21:56 - 2017-09-08 21:56 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-08 21:56 - 2017-09-08 21:56 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-08 21:56 - 2017-09-08 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-08 21:56 - 2017-09-08 21:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-08 21:56 - 2017-09-08 21:56 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-08 21:56 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-08 21:55 - 2017-09-08 21:55 - 066347240 _____ (Malwarebytes ) C:\Users\Gena_2\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-08 21:33 - 2017-09-08 21:47 - 000079617 _____ C:\Users\genas_000\Downloads\Addition.txt
2017-09-08 21:32 - 2017-09-12 18:45 - 000000000 ____D C:\FRST
2017-09-08 21:32 - 2017-09-08 21:45 - 000100731 _____ C:\Users\genas_000\Downloads\FRST.txt
2017-09-08 21:29 - 2017-09-08 21:32 - 002395648 _____ (Farbar) C:\Users\genas_000\Downloads\FRST64.exe
2017-09-08 21:20 - 2017-09-08 21:20 - 007178424 _____ (VS Revo Group ) C:\Users\genas_000\Downloads\revosetup_v2.0.3.exe
2017-09-08 21:05 - 2017-09-08 21:05 - 000000970 _____ C:\Users\genas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-09-08 21:05 - 2017-09-08 21:05 - 000000922 _____ C:\Users\genas_000\Desktop\Start Tor Browser.lnk
2017-09-08 21:04 - 2017-09-08 21:05 - 000000000 ____D C:\Users\genas_000\Desktop\Tor Browser
2017-09-08 15:57 - 2017-09-08 15:57 - 000007290 _____ C:\Users\Gena_2\AppData\Local\recently-used.xbel
2017-09-08 15:57 - 2017-09-08 15:57 - 000000037 _____ C:\Users\Gena_2\.gtk-bookmarks
2017-09-07 19:59 - 2017-09-12 18:39 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-09-06 16:22 - 2017-09-06 20:25 - 001314861 _____ () C:\hoe.dll
2017-09-06 16:01 - 2017-09-06 16:01 - 000002447 _____ C:\Users\genas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-04 20:54 - 2017-09-04 20:54 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign24b0aab944a0f2f8
2017-09-04 20:53 - 2017-09-04 20:53 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign7e4b5e0ba9a3c64c
2017-09-04 20:52 - 2017-09-04 20:52 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsignfed5aacc0dc13da6
2017-09-04 20:52 - 2017-09-04 20:52 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign41a2d2e3a16ca90a
2017-09-04 20:52 - 2017-09-04 20:52 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign0ce8cd98bb0e703f
2017-09-03 19:24 - 2017-09-03 19:24 - 000184837 _____ C:\Users\Gena_2\Documents\Paracelsus-Versand.pdf
2017-09-02 23:31 - 2017-09-02 23:31 - 001781226 _____ C:\Users\Gena_2\Documents\Ahnenblatt-Handbuch.pdf
2017-09-02 20:38 - 2017-09-06 21:16 - 000000000 ____D C:\Users\Gena_2\Documents\Ahnenblatt
2017-09-02 20:38 - 2017-09-06 19:22 - 000000000 ____D C:\Users\Gena_2\AppData\Roaming\Ahnenblatt
2017-09-02 17:00 - 2017-09-02 20:38 - 000000000 ____D C:\Users\genas_000\AppData\Roaming\Ahnenblatt
2017-09-02 17:00 - 2017-09-02 17:00 - 000001175 _____ C:\Users\Public\Desktop\Ahnenblatt.lnk
2017-09-02 17:00 - 2017-09-02 17:00 - 000000000 ____D C:\Users\genas_000\Documents\Ahnenblatt
2017-09-02 17:00 - 2017-09-02 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2017-09-02 17:00 - 2017-09-02 17:00 - 000000000 ____D C:\Program Files (x86)\Ahnenblatt
2017-09-02 16:59 - 2017-09-02 16:59 - 007164912 _____ (Dirk Böttcher ) C:\Users\Gena_2\Downloads\absetup.exe
2017-08-24 18:54 - 2017-08-24 18:54 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-08-24 18:54 - 2017-08-24 18:54 - 000002220 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-08-22 21:09 - 2017-09-12 18:38 - 000034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2017-08-19 13:15 - 2017-08-19 13:15 - 000000000 ____D C:\Users\genas_000\AppData\Local\keepassx
2017-08-19 13:14 - 2017-08-19 13:14 - 000000000 ____D C:\Users\Gena_2\Downloads\KeePassX-2.0.3
2017-08-19 13:12 - 2017-08-19 13:12 - 000000801 _____ C:\Users\Gena_2\Downloads\KeePassX-2.0.3.zip.sig
2017-08-19 11:38 - 2017-08-24 21:06 - 000000000 ____D C:\Users\Gena_2\Downloads\windows
2017-08-14 18:28 - 2017-08-14 18:28 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign1b4a29de636be42f
2017-08-14 18:23 - 2017-08-14 18:23 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsignc0bab0ec0cf11e06
2017-08-14 18:17 - 2017-08-14 18:17 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign991be756ff36d9ed
2017-08-14 18:16 - 2017-08-14 18:16 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsignad11cc61bf043d49
2017-08-14 18:16 - 2017-08-14 18:16 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsigna9351cf5d5af130d
2017-08-14 18:15 - 2017-08-14 18:15 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign880927f307097e96
2017-08-14 18:15 - 2017-08-14 18:15 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign68131fe99be3bf8d
2017-08-13 12:46 - 2017-08-13 12:46 - 001781359 _____ (pendrivelinux.com) C:\Users\Gena_2\Downloads\Universal-USB-Installer.exe
2017-08-13 12:17 - 2017-09-10 14:46 - 000125640 _____ (G Data Software) C:\WINDOWS\system32\Drivers\GRD.sys
2017-08-13 12:17 - 2017-08-13 12:17 - 000037544 _____ (G DATA Software) C:\WINDOWS\system32\Drivers\GdPhyMem.sys
2017-08-13 10:45 - 2017-08-13 10:45 - 000086584 _____ (G DATA Software AG) C:\WINDOWS\system32\Drivers\gdwfpcd64.sys
2017-08-13 10:45 - 2017-08-13 10:45 - 000046104 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDKBB64.sys
2017-08-13 10:45 - 2017-08-13 10:45 - 000038984 _____ (G DATA Software AG) C:\WINDOWS\system32\Drivers\GDKBFlt64.sys
2017-08-13 10:45 - 2017-08-13 10:45 - 000002102 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2017-08-13 10:45 - 2017-08-13 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2017-08-13 10:43 - 2017-08-13 10:43 - 000309784 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\MiniIcpt.sys
2017-08-13 10:43 - 2017-08-13 10:43 - 000200728 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDBehave.sys
2017-08-13 10:43 - 2017-08-13 10:43 - 000162328 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\PktIcpt.sys
2017-08-13 10:43 - 2017-08-13 10:43 - 000157720 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\HookCentre.sys
2017-08-13 10:35 - 2017-08-13 10:36 - 014890128 _____ (G DATA Software AG) C:\Users\Gena_2\Downloads\GDATA_INTERNETSECURITY_WEB_WEU.exe
2017-08-13 00:19 - 2017-08-13 00:19 - 001781359 _____ (pendrivelinux.com) C:\Users\genas_000\Downloads\Universal-USB-Installer.exe
2017-08-13 00:16 - 2017-08-13 00:16 - 000506984 _____ C:\Users\Gena_2\Documents\GDataSettings.gds

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-12 18:44 - 2016-11-16 19:56 - 000282155 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-09-12 18:40 - 2016-09-13 21:35 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-12 18:39 - 2016-05-27 13:54 - 000000000 ___RD C:\Users\Gena_2\Creative Cloud Files
2017-09-12 18:39 - 2014-07-23 21:46 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Adobe
2017-09-12 18:38 - 2016-09-13 21:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-12 18:38 - 2016-09-13 21:34 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-12 18:38 - 2016-07-16 08:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-09-12 18:38 - 2014-07-23 17:42 - 000000000 __SHD C:\Users\Gena_2\IntelGraphicsProfiles
2017-09-12 18:34 - 2016-07-17 00:51 - 001648350 _____ C:\WINDOWS\system32\perfh007.dat
2017-09-12 18:34 - 2016-07-17 00:51 - 001153390 _____ C:\WINDOWS\system32\perfc007.dat
2017-09-12 18:34 - 2015-08-07 21:06 - 006105036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-12 18:31 - 2016-09-17 14:50 - 000000000 ____D C:\Users\Gena_2\Documents\Outlook-Dateien
2017-09-12 18:31 - 2014-07-22 18:47 - 000000000 ____D C:\Users\genas_000\Documents\Outlook-Dateien
2017-09-12 18:25 - 2014-02-11 07:34 - 000000000 ____D C:\ProgramData\Lenovo
2017-09-12 18:23 - 2016-12-20 23:21 - 000000000 ____D C:\Users\genas_000\AppData\LocalLow\Mozilla
2017-09-12 18:17 - 2016-09-13 21:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-12 17:34 - 2016-09-13 21:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\TVT
2017-09-12 17:34 - 2014-02-11 07:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-09-12 17:11 - 2016-07-16 08:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-09-11 22:25 - 2016-04-09 13:41 - 000000000 ____D C:\Users\Gena_2\AppData\Local\CrashDumps
2017-09-11 21:30 - 2016-09-25 23:00 - 000347648 ___SH C:\Users\Gena_2\Desktop\Thumbs.db
2017-09-11 21:17 - 2016-09-17 17:58 - 000000000 ____D C:\Users\genas_000\AppData\LocalLow\Temp
2017-09-11 20:05 - 2014-07-23 17:42 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Packages
2017-09-10 21:54 - 2016-04-09 13:31 - 000000000 ____D C:\Users\genas_000\AppData\Local\CrashDumps
2017-09-08 21:55 - 2017-08-12 22:30 - 000000000 ____D C:\Users\Gena_2\AppData\Roaming\gnupg
2017-09-08 21:04 - 2017-08-11 18:50 - 054567688 _____ C:\Users\Gena_2\Downloads\torbrowser-install-7.0.4_de.exe
2017-09-08 15:57 - 2016-09-13 21:36 - 000000000 ____D C:\Users\Gena_2
2017-09-08 15:57 - 2015-03-07 17:49 - 000000000 ____D C:\Users\Gena_2\AppData\Local\gtk-2.0
2017-09-06 16:06 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-06 16:01 - 2017-07-23 12:18 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4288807228-2172792055-1580508024-1002
2017-09-06 16:01 - 2014-07-23 17:23 - 000000000 __RDO C:\Users\genas_000\OneDrive
2017-09-06 15:59 - 2016-07-16 13:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-06 15:54 - 2014-07-23 17:58 - 000000000 ____D C:\Users\Gena_2\AppData\Roaming\DAEMON Tools Lite
2017-09-06 15:50 - 2017-05-24 21:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-06 15:50 - 2014-07-22 16:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-01 23:29 - 2014-07-23 21:11 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-09-01 21:43 - 2016-11-24 19:07 - 000000000 ____D C:\Users\Gena_2\AppData\LocalLow\Mozilla
2017-08-29 15:45 - 2015-12-03 11:46 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 15:45 - 2015-12-03 11:46 - 000002223 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-27 14:07 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-27 14:07 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-27 14:06 - 2014-08-24 11:17 - 000000000 ____D C:\Users\genas_000\AppData\Local\Adobe
2017-08-24 21:11 - 2014-07-22 13:17 - 000000000 ____D C:\Users\genas_000\AppData\Local\Packages
2017-08-24 18:54 - 2015-03-07 17:33 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-19 13:12 - 2017-08-11 21:34 - 007941944 _____ C:\Users\Gena_2\Downloads\KeePassX-2.0.3.zip
2017-08-15 21:10 - 2017-05-21 16:23 - 000000000 ____D C:\Users\Gena_2\AppData\Roaming\Garmin
2017-08-13 10:48 - 2014-08-07 17:32 - 000000000 ____D C:\ProgramData\G Data
2017-08-13 10:42 - 2016-07-16 13:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-08-13 10:42 - 2014-08-07 17:33 - 000000000 ____D C:\Program Files (x86)\G Data
2017-08-13 01:11 - 2017-08-12 16:57 - 000000000 ____D C:\Users\Gena_2\AppData\Local\ZenMate
2017-08-13 00:53 - 2017-08-12 16:57 - 000000000 ____D C:\Users\Gena_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZenGuard GmbH
2017-08-13 00:24 - 2016-09-13 21:36 - 000000000 ____D C:\Users\genas_000
2017-08-13 00:21 - 2016-07-16 13:47 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-08-13 00:21 - 2016-07-16 13:47 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-08-13 00:21 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-08-13 00:21 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-08-13 00:21 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-08-13 00:21 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2017-08-13 00:21 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2017-08-13 00:21 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-08-13 00:21 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2017-08-13 00:21 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-08-13 00:21 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2017-08-13 00:17 - 2014-04-30 17:43 - 000000000 __RHD C:\Users\Public\AccountPictures

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-07-22 13:18 - 2014-07-23 16:52 - 000005244 _____ () C:\Users\genas_000\AppData\Roaming\AbsoluteReminder.xml
2014-08-07 17:33 - 2014-08-07 17:33 - 000000000 _____ () C:\Users\genas_000\AppData\Roaming\gdfw.log
2014-08-07 17:33 - 2017-08-13 10:43 - 000001558 _____ () C:\Users\genas_000\AppData\Roaming\gdscan.log
2006-12-11 19:13 - 2006-12-11 19:13 - 000097336 _____ (Un4seen Developments) C:\Users\genas_000\AppData\Local\bass.dll
2006-12-11 19:13 - 2006-12-11 19:13 - 000013872 _____ (Un4seen Developments) C:\Users\genas_000\AppData\Local\basscd.dll
2007-08-13 17:46 - 2007-08-13 17:46 - 000102912 _____ (Albert L Faber) C:\Users\genas_000\AppData\Local\CDRip.dll
2007-08-13 17:46 - 2007-08-13 17:46 - 000155136 _____ () C:\Users\genas_000\AppData\Local\lame_enc.dll
2007-01-18 21:09 - 2007-01-18 21:09 - 000623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\genas_000\AppData\Local\No23 Recorder.exe
2005-08-23 22:34 - 2005-08-23 22:34 - 000029184 _____ () C:\Users\genas_000\AppData\Local\no23xwrapper.dll
2006-10-26 01:06 - 2006-10-26 01:06 - 000015872 _____ () C:\Users\genas_000\AppData\Local\ogg.dll
2014-10-08 15:02 - 2014-10-08 19:51 - 000001451 _____ () C:\Users\genas_000\AppData\Local\RecConfig.xml
2014-08-09 18:40 - 2016-09-17 16:47 - 000007598 _____ () C:\Users\genas_000\AppData\Local\Resmon.ResmonCfg
2006-10-26 01:06 - 2006-10-26 01:06 - 000143872 _____ () C:\Users\genas_000\AppData\Local\vorbis.dll
2006-10-26 01:06 - 2006-10-26 01:06 - 000064000 _____ () C:\Users\genas_000\AppData\Local\vorbisenc.dll
2006-10-26 01:06 - 2006-10-26 01:06 - 000019456 _____ () C:\Users\genas_000\AppData\Local\vorbisfile.dll
2016-09-13 21:35 - 2016-09-13 21:35 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-07-17 21:11 - 2017-07-18 13:10 - 000006299 _____ () C:\ProgramData\hpzinstall.log
2016-04-09 11:39 - 2016-04-09 11:39 - 000000016 _____ () C:\ProgramData\mntemp
2013-03-19 12:32 - 2013-03-19 12:32 - 000010011 _____ () C:\ProgramData\regid.2012-01.com.intel.discover-at_512FCF1B-3685-45F2-A1E9-63AEF7F79B35.swidtag

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-08 20:21

==================== Ende von FRST.txt ============================
         

Alt 12.09.2017, 17:48   #22
Gewin
 
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-09-2017 02
durchgeführt von *************** (12-09-2017 18:45:47)
Gestartet von C:\Users\Gena_2\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-13 19:51:32)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4288807228-2172792055-1580508024-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4288807228-2172792055-1580508024-1012 - Limited - Enabled)
DefaultAccount (S-1-5-21-4288807228-2172792055-1580508024-503 - Limited - Disabled)
Gast (S-1-5-21-4288807228-2172792055-1580508024-501 - Limited - Disabled) => C:\Users\Gast
*************** (S-1-5-21-4288807228-2172792055-1580508024-1002 - Administrator - Enabled) => C:\Users\genas_000
Gena_2 (S-1-5-21-4288807228-2172792055-1580508024-1003 - Limited - Enabled) => C:\Users\Gena_2
HomeGroupUser$ (S-1-5-21-4288807228-2172792055-1580508024-1022 - Limited - Enabled)
Lilia (S-1-5-21-4288807228-2172792055-1580508024-1046 - Limited - Enabled) => C:\Users\Lilia

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {A9C56A9B-ECCD-57EA-78F6-92511DA1C885}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {91FEEBBE-A6A2-56B2-53A9-3B64E3728FFE}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.0 - Absolute Software)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.22 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.10.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Ahnenblatt 2.97a (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.97.2.1 - Dirk Bцttcher)
Amolto Call Recorder Premium for Skype (HKLM-x32\...\{69F36B84-256D-47CA-A4AC-D04083709434}) (Version: 2.6.1 - Amolto)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.65 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (HKLM\...\{1B6B17C2-176C-433C-93F3-640D12825426}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
AusweisApp2 (HKLM-x32\...\{8BC126FD-2F56-4B56-9363-54C3D0027BC6}) (Version: 1.10.1 - Governikus GmbH & Co. KG)
Benutzerhandbuch (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden
BlackVue HD (HKLM-x32\...\BlackVueHD) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (HKLM-x32\...\{3D73DC7A-2D1D-45CF-8A67-24873925C716}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
Brief Vorlagen (HKLM-x32\...\Brief Vorlagen_is1) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX340 series - регистрация пользователя (HKLM-x32\...\Canon MX340 series - регистрация пользователя) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CrystalDiskMark 5.1.2 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.1.2 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0191 - Disc Soft Ltd)
DIG-CAD 4.0 (HKLM-x32\...\DIG-CAD 4.0) (Version:  - )
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
Download Master version 6.0.3.1433 (HKLM-x32\...\Download Master_is1) (Version: 6.0.3.1433 - WestByte)
Dragon Assistant Application de-DE Version 1.5.5 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.5 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service Version 1.1.9 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.9 - Nuance Communications, Inc.)
Dragon Assistant Language Data de-DE Version 1.1.2 (HKLM-x32\...\{FB671668-9AAC-41DC-872B-627418FB62D5}_is1) (Version: 1.1.2 - Nuance Communications, Inc.)
Dragon Assistant Version 1.5.5 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.5 - Nuance Communications, Inc.)
Elevated Installer (HKLM-x32\...\{BA007E03-72AE-4D2D-8A73-FA4B935D4015}) (Version: 5.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.24 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.24 - Lenovo)
Exif-Viewer 2.51  (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger)
Free DVD Video Converter (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.65.823 - Digital Wave Ltd)
Free MP4 Video Converter version 5.0.54.1215 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.54.1215 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.54.1215 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.54.1215 - DVDVideoSoft Ltd.)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.1.119 - DVDVideoSoft Ltd.)
FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.3.1 - AVM Berlin)
G DATA INTERNET SECURITY (HKLM-x32\...\G DATA INTERNET SECURITY) (Version: 25.4.0.1 - G DATA Software AG)
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{2f694ffe-66ec-4674-a32d-ec690281ca57}) (Version: 5.4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{BCEE507D-8D49-40FF-B437-70E3B9C2D51C}) (Version: 5.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{198E262D-8C4F-4131-91C7-1F81FB8688F1}) (Version: 5.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gpg4win (2.3.4) (HKLM-x32\...\GPG4Win) (Version: 2.3.4 - The Gpg4win Project)
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.9.0.8 - Intel) Hidden
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{6555226B-7295-4CFD-9D5B-9C8F394BE03A}) (Version: 4.1.41.2234 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{C605440F-2748-435F-9F29-EB1C8134856F}) (Version: 4.1.17.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d9e230c1-06bb-4b78-a9f1-c1ddce14e6fc}) (Version: 18.11.0 - Intel Corporation)
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.91.55 - Huawei Technologies Co.,Ltd)
IsoBuster 3.9 (HKLM-x32\...\IsoBuster_is1) (Version: 3.9 - Smart Projects)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
KÜCHEN QUELLE 3D (HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\SquareClock_Production_Home_KQ_Web) (Version:  - 3DVIA SAS)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
L&H TTS3000 Espaсol (HKLM-x32\...\LHTTSSPE) (Version:  - )
L&H TTS3000 Franзais (HKLM-x32\...\LHTTSFRF) (Version:  - )
L&H TTS3000 Italiano (HKLM-x32\...\LHTTSITI) (Version:  - )
L&H TTS3000 Portuguкs (Brasil) (HKLM-x32\...\LHTTSPTB) (Version:  - )
L&H TTS3000 Russian (HKLM-x32\...\LHTTSRUR) (Version:  - )
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10233 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0065 - Lenovo)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
Malwarebytes Version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Office 365 ProPlus - ru-ru (HKLM\...\O365ProPlusRetail - ru-ru) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Office Language Pack 2013  - Russian/русский (HKLM-x32\...\Office15.OMUI.ru-ru) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Outlook-Sicherung für Persönliche Ordner (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MKS Platform Components 9.x (HKLM\...\{30276636-0000-0905-9ABB-000BDB5CF35D}) (Version: 9.5.0000 - Mortice Kern Systems)
Motion Control (HKLM\...\Motion Control) (Version: 1.2.45.0 - Lenovo)
Mozilla Firefox 55.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 de)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
No23 Recorder (HKLM-x32\...\{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}) (Version: 2.1.0.3 - No23) Hidden
No23 Recorder (HKLM-x32\...\No23 Recorder) (Version: 2.1.0.3 - No23)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Grafiktreiber 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0419-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PlayMemories Camera Apps Downloader (HKLM-x32\...\{5C42BF1B-4586-4711-81A7-8D0F890A6A31}) (Version: 1.2.0.13221 - Sony Corporation)
Polar ProTrainer (HKLM-x32\...\{DF7DBA84-0A55-11D6-A0A6-6A7573736972}) (Version: 5.40.170 - )
Polar WebLink 2.4.15 (HKLM-x32\...\{2734FEDB-7A24-4F15-AC5C-3EC00414D4CC}) (Version: 02.50.0006 - Polar Electro Oy)
QUIK (HKLM-x32\...\{519A413F-6A45-4A48-AC2E-4A9C94C8F98A}_is1) (Version:  - СМВБ-Информационные технологии)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.21229 - Realtek Semiconductor Corp.)
REALTEK DTV USB DEVICE (HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remote Camera Control (HKLM-x32\...\{A32B85B2-5731-41E9-B431-3F4F5D6E664F}) (Version: 3.7.00000 - Sony Corporation)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Portable SSD T3 (HKLM-x32\...\Samsung Portable SSD T3_is1) (Version: 1.3 - Samsung Electronics)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SDI011 dual interface reader (HKLM-x32\...\{D0ED9100-DFFB-482C-8DB6-C626264757BD}) (Version: 1.01 - SCM Microsystems)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.7.1.1 - Seagate)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0100-0419-0000-0000000FF1CE}_Office15.OMUI.ru-ru_{DFA82E00-94E0-456C-B143-A2E1A90B1950}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1160 - Lenovo)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 7.0.0.0 - Stellar Information Technology Pvt Ltd.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
SurfEasy VPN 3.9.542 (HKLM-x32\...\SurfEasy VPN) (Version: 3.9.542 - SurfEasy Inc)
Sweet Home 3D version 5.1.1 (HKLM\...\Sweet Home 3D_is1) (Version: 5.1.1 - eTeks)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0419-0000-0000000FF1CE}_Office15.OMUI.ru-ru_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Vibraimage8 Lite (HKLM-x32\...\{32B4ED86-7931-47CC-B62C-52C9CB739E6F}_is1) (Version:  - ELSYS Corp.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WD Quick View (HKLM-x32\...\{2CE08B2D-856C-47D9-9F6A-BC691911BCD9}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{B11B695F-B5BF-4667-8291-682B3A73B5F8}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Засоби перевірки правопису Microsoft Office 2013 – Українська версія (HKLM-x32\...\{90150000-001F-0422-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2013 — русский (HKLM-x32\...\{90150000-001F-0419-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Энциклопедия Фэн-Шуй (HKLM-x32\...\{2694C6A0-A36A-4DCD-B43F-9CBFC9D7393F}) (Version: 1.00.0000 - Агенство Вызов)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [AVK9CM] -> {CAF4C320-32F5-11D3-A222-004095200FF2} => C:\Program Files (x86)\G Data\InternetSecurity\AVK\ShellExt64.dll [2017-06-08] (G DATA Software AG)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2017-07-06] (g10 Code GmbH)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2014-12-13] (Florian Heidenreich)
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1: [TR] -> {6A982F05-85C0-48c4-B17E-407176B160AD} =>  -> Keine Datei
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2014-12-13] (Florian Heidenreich)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers3: [Reisswolf] -> {1F0F1EE7-36B9-11D2-8985-0080ADA96E9B} => C:\Program Files (x86)\G Data\InternetSecurity\Shredder\Reisswlf64.dll [2017-06-08] (G DATA Software AG)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2017-07-06] (g10 Code GmbH)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2014-12-13] (Florian Heidenreich)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [TR] -> {6A982F05-85C0-48c4-B17E-407176B160AD} =>  -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-02] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-11-02] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-04-01] (NVIDIA Corporation)
ContextMenuHandlers5: [TR] -> {6A982F05-85C0-48c4-B17E-407176B160AD} =>  -> Keine Datei
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [AVK9CM] -> {CAF4C320-32F5-11D3-A222-004095200FF2} => C:\Program Files (x86)\G Data\InternetSecurity\AVK\ShellExt64.dll [2017-06-08] (G DATA Software AG)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [Reisswolf] -> {1F0F1EE7-36B9-11D2-8985-0080ADA96E9B} => C:\Program Files (x86)\G Data\InternetSecurity\Shredder\Reisswlf64.dll [2017-06-08] (G DATA Software AG)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {039B2D62-D86C-4D71-A3E5-9E1EF9AE46C8} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {0A27731B-0644-4062-ADF0-0AFD83B598EA} - System32\Tasks\Gena_2 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-05-10] (Seagate Technology LLC)
Task: {0FABADAA-5079-48C6-8A0A-0ABD016CC58F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {198E00EF-0EC1-4025-911B-5CE90632D071} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {2B2E2AD2-8AC9-4185-8305-4F24390A902B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {2F88D19A-556E-4BBC-905F-3FB0FDFEEC1C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-05] (Microsoft Corporation)
Task: {2FFF98D8-7ECF-4660-B437-0AE36010B04D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-03] (Google Inc.)
Task: {32A8A4BB-A436-4B23-8F55-0C8B032A1856} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-05-18] ()
Task: {33AB2FBF-EC93-4152-B490-F31977AF7796} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\107d2a06-f27d-4471-bd8d-50c6564e97aa => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3B8B8F6B-77BC-432C-B0FD-AFAD1F998184} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {3DDDA922-4DD7-4912-9AF7-455BDE6C560B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {4563D974-856B-42C7-A4A8-73967ABCD319} - System32\Tasks\AdobeAAMUpdater-1.0-BigCom-Gena_2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {473480E0-9D4B-41BC-BBA5-67CF41269E37} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\04054495-1a99-4b37-9c20-1d691b6175a9 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {48E9D8C9-2761-4284-B55B-24C8EFCA456C} - System32\Tasks\Samsung_PSSD_Registration => C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD Daemon.exe
Task: {4AF6F6B4-2BF2-4311-8579-9136AEE95063} - System32\Tasks\Gena_2 DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2017-05-10] (Seagate Technology LLC)
Task: {4C4B59C3-B8BC-43E6-9CB9-17EF37989396} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-08-10] (Microsoft Corporation)
Task: {547ECDD4-8BA2-4948-959A-2427DB30601C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {56A4F296-4DBB-4BA0-9DBF-31A9EDBF6FF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-03] (Google Inc.)
Task: {66BE7478-3082-4773-A506-64305CE3D70A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {70323029-858D-4ADD-90A8-2E72B7A2E07E} - System32\Tasks\Gena_22 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-05-10] (Seagate Technology LLC)
Task: {77973E8A-CCB9-466D-8AF3-B9E2F87DC3FC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {7A3C259E-E121-49E4-9755-A251DFE47278} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {968A7E06-BD15-4FBC-A6AE-D57226E2AC30} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {97E4A251-A276-4D50-9078-630F149BA7C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {97ED358D-36C8-4036-A210-DBF1729CFEA2} - System32\Tasks\Gena_21 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-05-10] (Seagate Technology LLC)
Task: {986DA129-70AE-4B81-A3A8-C2F4D410DF13} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Gena_2\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {9BC2B296-270E-455D-8911-77C889224D35} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {9ED4E3EA-4A16-4189-95B9-4D3F28867A03} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {AC1E0504-321F-4E19-8A49-4C3D89897DA4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-05] (Microsoft Corporation)
Task: {B0C360A4-A098-4E2E-ACB7-E1DDF62984E3} - System32\Tasks\*************** => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-05-10] (Seagate Technology LLC)
Task: {C3A1E82E-B71D-4E9C-B517-FEE16711404B} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2017-05-10] (Seagate Technology LLC)
Task: {D40095DF-2C22-4518-A3C7-6F63CD89DC85} - System32\Tasks\*************** DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2017-05-10] (Seagate Technology LLC)
Task: {D80986EA-20E0-4142-9888-6046758FDCCA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {DEF49A8E-CADA-4E58-93D8-67E0242F64ED} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\90550239-7ab8-4a99-8123-be5e4a37e3ec => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {DF1FACA5-2092-4B69-9F91-14BBA48448AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-05] (Microsoft Corporation)
Task: {E224D0C7-6B38-4D37-A29A-FAAEA39D34E6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\bbb4f7eb-223a-4cfb-aeb5-cae04ec41ebf => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {E6F85229-2129-4888-92D2-5E851347D80B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {E9433FBE-0605-408C-B476-89442C67EDC3} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {EF0B1B4C-C6E7-471A-9D7D-646B40C81902} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {FE51E7E7-011F-47E8-BCF3-0595F5E3B458} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {FF1133FB-0247-4224-8FC2-0411588B726D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\Users\genas_000\Desktop\Поиграй!.lnk -> C:\Program Files (x86)\Download Master\games.url () <==== Cyrillic
Shortcut: C:\Users\genas_000\Desktop\Энциклопедия Фэн-Шуй.lnk -> C:\Users\genas_000\AppData\Roaming\Microsoft\Installer\{2694C6A0-A36A-4DCD-B43F-9CBFC9D7393F}\_35987B591D36_44F6_A1C6_DD3345589997.exe () <==== Cyrillic
Shortcut: C:\Users\genas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Энциклопедия Фэн-Шуй\Энциклопедия Фэн-Шуй.lnk -> C:\Users\genas_000\AppData\Roaming\Microsoft\Installer\{2694C6A0-A36A-4DCD-B43F-9CBFC9D7393F}\_35987B591D36_44F6_A1C6_DD3345589997.exe () <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive для бизнеса.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype для бизнеса 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\QUIK БКС.lnk -> C:\BCS_Work\QUIK_BCS\info.exe (ARQA Technologies) <==== Cyrillic

ShortcutWithArgument: C:\Users\genas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Энциклопедия Фэн-Шуй\Удаление.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {2694C6A0-A36A-4DCD-B43F-9CBFC9D7393F} <==== Cyrillic
ShortcutWithArgument: C:\Users\Public\Desktop\Аура VI+.lnk -> C:\ELSYS\Vibraimage8Lite\Vibraimage.exe (ELSYS Corp.) -> -type DZ <==== Cyrillic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-12 16:27 - 2017-06-21 09:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-06 14:46 - 2017-07-06 14:46 - 000216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-10-28 04:02 - 2013-10-28 04:02 - 000351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-07-23 21:11 - 2009-09-08 14:12 - 000116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-04-15 16:45 - 2013-04-15 16:45 - 000182760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-04-15 16:45 - 2013-04-15 16:45 - 000060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2017-04-06 20:22 - 2017-05-03 22:21 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-14 21:39 - 2017-03-14 21:39 - 001663368 _____ () C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
2015-05-04 20:47 - 2013-08-16 08:53 - 000671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2017-06-08 05:54 - 2017-06-08 05:54 - 000554984 _____ () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2017-07-18 00:50 - 2017-07-18 00:50 - 000492112 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-03-01 17:09 - 2016-11-02 00:05 - 000401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-16 19:54 - 2016-09-07 06:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 20:20 - 2017-03-04 08:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 20:20 - 2017-03-04 08:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 20:20 - 2017-03-04 08:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 20:20 - 2017-03-04 08:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-11 19:08 - 2017-03-04 08:05 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-08-11 19:08 - 2017-08-01 20:26 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-11 19:08 - 2017-08-01 20:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-08-24 20:44 - 2017-08-24 20:44 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-24 20:44 - 2017-08-24 20:44 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-24 20:44 - 2017-08-24 20:44 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-24 20:44 - 2017-08-24 20:44 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-04-07 09:41 - 2017-04-07 09:41 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-06-30 13:22 - 2017-06-30 13:22 - 000069632 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-02-11 07:34 - 2014-02-11 07:34 - 000172552 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2017-07-11 19:38 - 2017-08-16 15:07 - 000023928 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2014-02-11 07:31 - 2013-04-17 16:26 - 001165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2014-02-11 07:31 - 2013-04-17 16:26 - 000199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2014-02-11 07:31 - 2013-04-17 16:26 - 000387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2014-02-11 07:31 - 2013-04-17 16:26 - 000035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2014-02-11 07:31 - 2013-04-17 16:26 - 001132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2014-02-11 07:31 - 2013-04-17 16:26 - 000229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2014-02-11 07:31 - 2013-04-17 16:25 - 000027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2015-01-04 16:57 - 2016-10-27 13:18 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-01-04 16:57 - 2016-10-27 13:18 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-01-04 16:57 - 2016-10-27 13:18 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-01-04 16:57 - 2016-10-27 13:18 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2017-07-06 14:33 - 2017-07-06 14:33 - 000222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2017-07-06 14:21 - 2017-07-06 14:21 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2017-07-06 14:33 - 2017-07-06 14:33 - 000073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2017-07-06 14:36 - 2017-07-06 14:36 - 000890880 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2017-07-06 14:27 - 2017-07-06 14:27 - 000103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2017-05-10 15:50 - 2017-05-10 15:50 - 000729792 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\PocoNet.dll
2017-03-14 21:40 - 2017-03-14 21:40 - 000078216 _____ () C:\Program Files (x86)\SurfEasy VPN\client\ZLIB1.dll
2015-05-04 20:47 - 2013-08-16 08:53 - 000011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2015-05-04 20:47 - 2013-08-16 08:53 - 000043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2015-05-04 20:47 - 2013-08-16 08:53 - 002417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2015-05-04 20:47 - 2013-08-16 08:53 - 001148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2017-04-06 20:22 - 2017-05-03 22:21 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-08-10 11:14 - 2016-08-10 11:14 - 040523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2014-02-11 07:34 - 2014-02-11 07:34 - 001623048 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2014-02-11 07:34 - 2014-02-11 07:34 - 000030728 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2017-06-22 18:56 - 2017-06-22 18:56 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-06-22 18:55 - 2017-06-22 18:55 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-07-13 10:12 - 2017-07-13 10:12 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-06-22 18:56 - 2017-06-22 18:56 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-05-19 23:50 - 2017-05-19 23:50 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-07-13 10:07 - 2017-07-13 10:07 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-19 23:49 - 2017-05-19 23:49 - 000098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-05-19 23:50 - 2017-05-19 23:50 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2014-02-11 07:09 - 2013-05-09 14:23 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\sharepoint.com -> hxxps://htlsalzburg-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\127.0.0.1 -> hxxp://127.0.0.1
IE trusted site: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\sharepoint.com -> hxxps://htlsalzburg.sharepoint.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2017-08-24 21:11 - 000004317 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 c.atdmt.com

Da befinden sich 77 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\genas_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img4.jpg
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Gena_2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{7DCA83E0-AED3-4A40-A274-EC1D2CCFB027}] => (Allow) LPort=8888
FirewallRules: [{6CA095EE-2D95-423D-B630-8C61B1AB6952}] => (Allow) LPort=8888
FirewallRules: [{B29A7DB6-56EB-4EC9-B3EF-AD78A7AB69CE}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{7545A3D5-97C1-4B6F-8D49-5E1664613C2E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/12/2017 06:39:06 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (09/12/2017 06:36:14 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (09/12/2017 06:35:59 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWinPcapWrapper::InitializeDLL   You must be running with Free version of WinPcap!!!

Error: (09/12/2017 06:35:58 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWinPcapWrapper::InitializeDLL   Error starting WinPcap Professional: Unable to copy the WinPcap Professional files. Administrative privileges are required for this operation.

Error: (09/12/2017 06:30:40 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (09/12/2017 06:27:31 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (09/12/2017 06:27:16 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWinPcapWrapper::InitializeDLL   You must be running with Free version of WinPcap!!!

Error: (09/12/2017 06:27:14 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWinPcapWrapper::InitializeDLL   Error starting WinPcap Professional: Unable to copy the WinPcap Professional files. Administrative privileges are required for this operation.

Error: (09/12/2017 06:24:27 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (09/12/2017 06:24:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname BigCom.local already in use; will try BigCom-2.local instead


Systemfehler:
=============
Error: (09/12/2017 06:45:24 PM) (Source: DCOM) (EventID: 10010) (User: BigCom)
Description: Der Server "{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/12/2017 06:38:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/12/2017 06:38:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/12/2017 06:38:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/12/2017 06:38:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/12/2017 06:38:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Manager. RunOuc" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (09/12/2017 06:38:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. RunOuc erreicht.

Error: (09/12/2017 06:38:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/12/2017 06:35:56 PM) (Source: DCOM) (EventID: 10010) (User: BigCom)
Description: Der Server "{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/12/2017 06:35:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Update Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2017-09-06 15:58:09.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltDll64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-06 15:49:15.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltDll64.dll that did not meet the Store signing level requirements.

  Date: 2016-09-28 22:25:30.242
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.240
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.236
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.233
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.226
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.214
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 43%
Installierter physikalischer RAM: 8104.27 MB
Verfügbarer physikalischer RAM: 4554.33 MB
Summe virtueller Speicher: 9384.27 MB
Verfügbarer virtueller Speicher: 5542.05 MB

==================== Laufwerke ================================

Drive c: (Windows8_OS) (Fixed) (Total:122.8 GB) (Free:18.89 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Zwieschenspeicher) (Fixed) (Total:25 GB) (Free:4.78 GB) NTFS
Drive g: (LENOVO_S) (Fixed) (Total:51.88 GB) (Free:1.32 GB) NTFS
Drive h: (Volume) (Fixed) (Total:23.17 GB) (Free:6.88 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: BC09B5DB)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

The cmd.exe window still appears as before; folders are no longer being opened.

12.09.2017, 20:14   #23
M-K-D-B
/// TB-Ausbilder



Hello,

How do things look after the following steps?

Step 1
  • Copy the contents of the following code box:
    Code:
    ATTFilter
    Start::
    CloseProcesses:
    C:\Users\genas_000\Downloads\FreeSoundRecorder.exe
    D:\Bank\dkb-cashback_ie_ff_ch.exe
    D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com
    Unlock: C:\WINDOWS\system32\Drivers\etc\hosts
    C:\WINDOWS\system32\Drivers\etc\hosts
    Hosts:
    Reboot:
    End::
             
  • Now start FRST and click the Entfernen button.
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory as FRST/FRST64.exe.
  • Your computer may need to be restarted for this.
  • Post the contents of fixlog.txt in your next reply.

Step 2
  • Start FRST.exe again. Make sure the box next to Addition.txt is checked, then click Untersuchen.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

In your next reply, please post
  • the log file from the FRST fix,
  • the two new FRST log files (FRST.txt and Addition.txt).

13.09.2017, 14:25   #24
Gewin



Hello,

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-09-2017
durchgeführt von *************** (13-09-2017 15:18:22) Run:7
Gestartet von C:\Users\Gena_2\Desktop
Geladene Profile: *************** & Gena_2 (Verfügbare Profile: *************** & Gena_2 & Lilia & Gast & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************

CloseProcesses:
C:\Users\genas_000\Downloads\FreeSoundRecorder.exe
D:\Bank\dkb-cashback_ie_ff_ch.exe
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com
Unlock: C:\WINDOWS\system32\Drivers\etc\hosts
C:\WINDOWS\system32\Drivers\etc\hosts
Hosts:
Reboot:

*****************

Prozesse erfolgreich geschlossen.
C:\Users\genas_000\Downloads\FreeSoundRecorder.exe => erfolgreich verschoben
D:\Bank\dkb-cashback_ie_ff_ch.exe => erfolgreich verschoben
D:\Umzug\Desktop\Alte Firefox-Daten\6o40wgqc.default\extensions\crossriderapp16150@crossrider.com => erfolgreich verschoben
"C:\WINDOWS\system32\Drivers\etc\hosts" => wurde entsperrt
C:\WINDOWS\system32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 15:18:26 ====
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2017
durchgeführt von *************** (Administrator) auf BIGCOM (13-09-2017 15:22:56)
Gestartet von C:\Users\Gena_2\Desktop
Geladene Profile: *************** & Gena_2 (Verfügbare Profile: *************** & Gena_2 & Lilia & Gast & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
() C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_151.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_151.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-05-16] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15792112 2014-02-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [101360 2014-02-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [USB Safely Remove] => "C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe" /startup
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37248 2012-10-12] (MKS Software Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1562304 2017-05-10] (Seagate Technology LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [442856 2017-06-08] (G DATA Software AG)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4295360 2016-06-09] (Disc Soft Ltd)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-05-18] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\Run: [SurfEasy] => C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe startup
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [142568 2017-05-10] (Seagate Technology LLC)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\MountPoints2: {50b30d4b-8405-11e6-bf7b-fcf8ae9ac78d} - "E:\run.exe" 
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\MountPoints2: {cba4bbd6-565a-11e6-bf56-fcf8ae9ac78d} - "J:\HPLauncher.exe" 
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2352832 2016-06-09] (Disc Soft Ltd)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [763416 2017-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [142568 2017-05-10] (Seagate Technology LLC)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4295360 2016-06-09] (Disc Soft Ltd)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [Polar Sync] => *:\program files\polar\polar sync\********************************************************************************************************************************************************************** (Der Dateneintrag hat 59 mehr Zeichen).
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\MountPoints2: {be3b4032-83bd-11e6-bf7a-fcf8ae9ac78d} - "I:\start-win.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-05-18] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2014-02-11]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk [2014-02-11]
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Startup: C:\Users\Gena_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2017-08-13] ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2be6f6e2-00a5-4ce8-95ef-87a8efc7ebb5}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3a45b7cf-7020-4447-8c63-994d33d62839}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x419
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x419
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U280DF&PC=U280&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002 -> {26B3CAA3-DAC0-4C35-B5A8-06D7ABF7F9C4} URL = 
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003 -> {26B3CAA3-DAC0-4C35-B5A8-06D7ABF7F9C4} URL = 
SearchScopes: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-19] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-12-15] (DVDVideoSoft Ltd.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: IE 4.x-6.x BHO for Download Master -> {9961627E-4059-41B4-8E0E-A7D6B3854ADF} -> C:\Program Files (x86)\Download Master\dmiehlp.dll [2014-12-29] (WestByte)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2016-01-19] (DVDVideoSoft Ltd.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-19] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\genas_000\AppData\Roaming\Mozilla\Firefox\Profiles\30yofb6a.default-1460833065739 [2017-09-12]
FF Extension: (SaveFrom.net helper) - C:\Users\genas_000\AppData\Roaming\Mozilla\Firefox\Profiles\30yofb6a.default-1460833065739\Extensions\helper-sig@savefrom.net.xpi [2017-09-12]
FF Extension: (Click-to-Play staged rollout) - C:\Users\genas_000\AppData\Roaming\Mozilla\Firefox\Profiles\30yofb6a.default-1460833065739\features\{3b71e2d0-2414-4604-aeec-9fdae4345e95}\clicktoplay-rollout@mozilla.org.xpi [2017-09-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-08-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-27] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-27] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\CanonBJ\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)

Chrome: 
=======
CHR HomePage: Default -> bing.com/?pc=__PARAM__
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default [2017-09-11]
CHR Extension: (Google Präsentationen) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-12]
CHR Extension: (Google Docs) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-12]
CHR Extension: (Google Drive) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-12]
CHR Extension: (YouTube) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-12]
CHR Extension: (Adobe Acrobat) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-12]
CHR Extension: (Google Tabellen) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-12]
CHR Extension: (Google Docs Offline) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-12]
CHR Extension: (Skype) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-01-12]
CHR Extension: (Bing) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2017-01-12]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-12]
CHR Extension: (PlayMemories Camera Apps Downloader) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlghnkgcadghcdodlcjfhogekonhdei [2017-01-12]
CHR Extension: (Google Mail) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-12]
CHR Extension: (Chrome Media Router) - C:\Users\genas_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-12]
CHR HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-07-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [5017224 2017-06-23] (G DATA Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3328112 2017-06-08] (G Data Software AG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-04-17] (Nuance Communications, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2017-07-06] () [Datei ist nicht signiert]
S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1458368 2016-06-09] (Disc Soft Ltd)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1093136 2017-05-18] (Garmin Ltd. or its subsidiaries)
S3 GDBackupSvc; C:\Program Files (x86)\G Data\InternetSecurity\AVKBackup\AVKBackupService.exe [3997160 2017-06-23] (G DATA Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3419552 2017-06-08] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [884328 2017-06-08] (G DATA Software AG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-09] (Intel Corporation)
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-08-16] () [Datei ist nicht signiert]
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-09] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NuTCRACKERService; C:\WINDOWS\system32\nutsrv4.exe [574776 2012-10-12] (MKS Software Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16120 2017-05-10] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143560 2017-05-10] (Seagate Technology LLC)
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [35272 2016-05-04] (SHAREit Technologies Co.Ltd)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 SurfEasyVPN; C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe [1663368 2017-03-14] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23928 2017-08-16] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 dcrypt; C:\WINDOWS\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-26] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-09-26] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.)
R0 GDBehave; C:\WINDOWS\System32\drivers\GDBehave.sys [200728 2017-08-13] (G Data Software AG)
R3 gddcd; C:\WINDOWS\System32\drivers\gddcd64.sys [79872 2015-03-23] (G Data Software AG)
R1 gddcv; C:\WINDOWS\System32\drivers\gddcv64.sys [59904 2015-03-23] (G Data Software AG)
S0 GDElam; C:\WINDOWS\System32\DRIVERS\GDElam.sys [117904 2017-02-20] (G Data Software AG)
R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [46104 2017-08-13] (G Data Software AG)
R3 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [38984 2017-08-13] (G DATA Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [309784 2017-08-13] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [162328 2017-08-13] (G Data Software AG)
R1 gdwfpcd; C:\WINDOWS\System32\drivers\gdwfpcd64.sys [86584 2017-08-13] (G DATA Software AG)
S3 GRD; C:\WINDOWS\system32\drivers\GRD.sys [125640 2017-09-10] (G Data Software)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [157720 2017-08-13] (G Data Software AG)
S3 hwusb_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_cdcacm.sys [121728 2013-12-10] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\WINDOWS\system32\DRIVERS\ew_wwanecm.sys [376704 2013-12-10] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-04-15] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-08] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-10] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-10] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-10] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
S3 MosIrUsb; C:\WINDOWS\System32\drivers\MosIrUsb.sys [27648 2007-10-11] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_e512e33140587627\nvlddmkm.sys [14841784 2017-04-03] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [759552 2015-09-21] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8243528 2013-05-16] (Realtek Semiconductor Corp.)
S3 SD11CL64; C:\WINDOWS\system32\DRIVERS\SD11CL64.sys [96512 2011-01-24] (SCM Microsystems Inc.)
S3 SDI01164; C:\WINDOWS\system32\DRIVERS\SDI01164.SYS [75904 2011-01-24] (SCM Microsystems Inc.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-03-21] (Anchorfree Inc.)
R0 TS4NT; C:\WINDOWS\System32\Drivers\TS4nt.sys [98760 2015-03-23] (G Data Software)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2017-09-13] ()
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U3 dmwappushsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-13 15:22 - 2017-09-13 15:23 - 000041460 _____ C:\Users\Gena_2\Desktop\FRST.txt
2017-09-13 15:18 - 2017-09-13 15:18 - 000094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2017-09-13 15:18 - 2017-09-13 15:18 - 000001271 _____ C:\Users\Gena_2\Desktop\Fixlog.txt
2017-09-12 18:32 - 2017-09-13 15:18 - 002397184 _____ (Farbar) C:\Users\Gena_2\Desktop\FRST64.exe
2017-09-12 18:26 - 2017-09-13 15:18 - 000000000 ____D C:\Users\Gena_2\Desktop\FRST-OlderVersion
2017-09-12 18:24 - 2017-09-13 15:18 - 000000022 _____ C:\WINDOWS\S.dirmngr
2017-09-12 18:22 - 2017-09-12 18:23 - 000003927 _____ C:\Users\Gena_2\Documents\eset_1.txt
2017-09-12 18:21 - 2017-09-12 18:21 - 000007856 _____ C:\Users\genas_000\Documents\eset_1.txt
2017-09-12 18:20 - 2017-09-12 18:21 - 000007856 _____ C:\Users\genas_000\Desktop\eset_1.txt
2017-09-12 17:34 - 2017-09-12 17:34 - 000000279 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2017-09-12 17:34 - 2017-09-12 17:34 - 000000000 ____D C:\WINDOWS\SysWOW64\%LOCALAPPDATA%
2017-09-12 05:07 - 2017-09-13 15:19 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-09-12 05:05 - 2017-09-12 18:20 - 000003927 _____ C:\Users\Gena_2\Desktop\eset.txt
2017-09-12 05:03 - 2017-09-12 18:18 - 000007856 _____ C:\Users\genas_000\Desktop\eset.txt
2017-09-11 22:36 - 2017-09-11 22:36 - 000000000 ____D C:\Users\genas_000\AppData\Local\ESET
2017-09-11 22:35 - 2017-09-11 22:35 - 006760064 _____ (ESET spol. s r.o.) C:\Users\Gena_2\Downloads\esetonlinescanner_deu.exe
2017-09-11 22:19 - 2017-09-11 22:37 - 000025126 _____ C:\Users\Gena_2\Downloads\Fixlog.txt
2017-09-11 21:45 - 2017-09-12 05:08 - 006760064 _____ (ESET spol. s r.o.) C:\Users\Gena_2\Desktop\esetonlinescanner_deu.exe
2017-09-11 21:39 - 2017-09-11 21:39 - 000000000 ____D C:\Program Files\HitmanPro
2017-09-11 21:38 - 2017-09-11 21:45 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-11 21:37 - 2017-09-11 21:38 - 011584088 _____ (SurfRight B.V.) C:\Users\Gena_2\Desktop\HitmanPro_x64.exe
2017-09-10 22:21 - 2017-09-10 22:21 - 000000000 ____D C:\Users\Gena_2\Downloads\TB
2017-09-10 15:38 - 2017-09-10 15:38 - 007091575 _____ C:\Users\Gena_2\Downloads\Локхарт Джош - Современный PHP.pdf
2017-09-10 15:37 - 2017-09-10 15:37 - 003311064 _____ (BitTorrent Inc.) C:\Users\Gena_2\Downloads\BitTorrent.exe
2017-09-10 15:30 - 2017-09-10 15:30 - 000000020 _____ C:\Users\Gena_2\Downloads\pass.txt
2017-09-10 15:16 - 2017-09-10 15:16 - 000277555 _____ C:\Users\Gena_2\Downloads\Specialist.ru_94_in_1.torrent
2017-09-10 15:15 - 2017-09-10 15:32 - 2097152000 _____ C:\Users\Gena_2\Downloads\Python_Jango.part2.rar
2017-09-10 15:15 - 2017-09-10 15:22 - 511922197 _____ C:\Users\Gena_2\Downloads\Python_Jango.part3.rar
2017-09-10 15:14 - 2017-09-10 15:30 - 2097152000 _____ C:\Users\Gena_2\Downloads\Python_Jango.part1.rar
2017-09-10 14:58 - 2017-09-11 21:16 - 000000000 ____D C:\Users\Gena_2\Downloads\FRST-OlderVersion
2017-09-10 14:32 - 2017-09-10 14:37 - 000000000 ____D C:\AdwCleaner
2017-09-10 14:29 - 2017-09-10 14:32 - 008182736 _____ (Malwarebytes) C:\Users\Gena_2\Downloads\adwcleaner_7.0.2.1.exe
2017-09-09 23:01 - 2017-09-09 23:04 - 390343134 _____ C:\Users\Gena_2\Downloads\2012_[www.youryoga.org].AVI
2017-09-09 21:57 - 2017-09-09 22:03 - 000130884 _____ C:\TDSSKiller.3.1.0.15_09.09.2017_21.57.24_log.txt
2017-09-09 21:54 - 2017-09-09 21:57 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Gena_2\Downloads\tdsskiller.exe
2017-09-09 21:45 - 2017-09-10 22:33 - 000071031 _____ C:\Users\Gena_2\Downloads\Addition.txt
2017-09-08 23:26 - 2017-09-08 23:26 - 000000000 ____D C:\Users\Gena_2\Desktop\txt
2017-09-08 22:11 - 2017-09-08 22:11 - 000001456 _____ C:\Users\Gena_2\Desktop\Start Tor Browser.lnk
2017-09-08 21:56 - 2017-09-10 21:55 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-08 21:56 - 2017-09-10 14:51 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-08 21:56 - 2017-09-10 14:51 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-08 21:56 - 2017-09-10 14:51 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-08 21:56 - 2017-09-08 21:56 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-08 21:56 - 2017-09-08 21:56 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-08 21:56 - 2017-09-08 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-08 21:56 - 2017-09-08 21:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-08 21:56 - 2017-09-08 21:56 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-08 21:56 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-08 21:55 - 2017-09-08 21:55 - 066347240 _____ (Malwarebytes ) C:\Users\Gena_2\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-08 21:33 - 2017-09-08 21:47 - 000079617 _____ C:\Users\genas_000\Downloads\Addition.txt
2017-09-08 21:32 - 2017-09-13 15:22 - 000000000 ____D C:\FRST
2017-09-08 21:32 - 2017-09-08 21:45 - 000100731 _____ C:\Users\genas_000\Downloads\FRST.txt
2017-09-08 21:29 - 2017-09-08 21:32 - 002395648 _____ (Farbar) C:\Users\genas_000\Downloads\FRST64.exe
2017-09-08 21:20 - 2017-09-08 21:20 - 007178424 _____ (VS Revo Group ) C:\Users\genas_000\Downloads\revosetup_v2.0.3.exe
2017-09-08 21:05 - 2017-09-08 21:05 - 000000970 _____ C:\Users\genas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-09-08 21:05 - 2017-09-08 21:05 - 000000922 _____ C:\Users\genas_000\Desktop\Start Tor Browser.lnk
2017-09-08 21:04 - 2017-09-08 21:05 - 000000000 ____D C:\Users\genas_000\Desktop\Tor Browser
2017-09-08 15:57 - 2017-09-08 15:57 - 000007290 _____ C:\Users\Gena_2\AppData\Local\recently-used.xbel
2017-09-08 15:57 - 2017-09-08 15:57 - 000000037 _____ C:\Users\Gena_2\.gtk-bookmarks
2017-09-07 19:59 - 2017-09-13 15:19 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-09-06 16:22 - 2017-09-06 20:25 - 001314861 _____ () C:\hoe.dll
2017-09-06 16:01 - 2017-09-06 16:01 - 000002447 _____ C:\Users\genas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-04 20:54 - 2017-09-04 20:54 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign24b0aab944a0f2f8
2017-09-04 20:53 - 2017-09-04 20:53 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign7e4b5e0ba9a3c64c
2017-09-04 20:52 - 2017-09-04 20:52 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsignfed5aacc0dc13da6
2017-09-04 20:52 - 2017-09-04 20:52 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign41a2d2e3a16ca90a
2017-09-04 20:52 - 2017-09-04 20:52 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign0ce8cd98bb0e703f
2017-09-03 19:24 - 2017-09-03 19:24 - 000184837 _____ C:\Users\Gena_2\Documents\Paracelsus-Versand.pdf
2017-09-02 23:31 - 2017-09-02 23:31 - 001781226 _____ C:\Users\Gena_2\Documents\Ahnenblatt-Handbuch.pdf
2017-09-02 20:38 - 2017-09-06 21:16 - 000000000 ____D C:\Users\Gena_2\Documents\Ahnenblatt
2017-09-02 20:38 - 2017-09-06 19:22 - 000000000 ____D C:\Users\Gena_2\AppData\Roaming\Ahnenblatt
2017-09-02 17:00 - 2017-09-02 20:38 - 000000000 ____D C:\Users\genas_000\AppData\Roaming\Ahnenblatt
2017-09-02 17:00 - 2017-09-02 17:00 - 000001175 _____ C:\Users\Public\Desktop\Ahnenblatt.lnk
2017-09-02 17:00 - 2017-09-02 17:00 - 000000000 ____D C:\Users\genas_000\Documents\Ahnenblatt
2017-09-02 17:00 - 2017-09-02 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2017-09-02 17:00 - 2017-09-02 17:00 - 000000000 ____D C:\Program Files (x86)\Ahnenblatt
2017-09-02 16:59 - 2017-09-02 16:59 - 007164912 _____ (Dirk Böttcher ) C:\Users\Gena_2\Downloads\absetup.exe
2017-08-24 18:54 - 2017-08-24 18:54 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-08-24 18:54 - 2017-08-24 18:54 - 000002220 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-08-22 21:09 - 2017-09-13 15:18 - 000034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2017-08-19 13:15 - 2017-08-19 13:15 - 000000000 ____D C:\Users\genas_000\AppData\Local\keepassx
2017-08-19 13:14 - 2017-08-19 13:14 - 000000000 ____D C:\Users\Gena_2\Downloads\KeePassX-2.0.3
2017-08-19 13:12 - 2017-08-19 13:12 - 000000801 _____ C:\Users\Gena_2\Downloads\KeePassX-2.0.3.zip.sig
2017-08-19 11:38 - 2017-08-24 21:06 - 000000000 ____D C:\Users\Gena_2\Downloads\windows
2017-08-14 18:28 - 2017-08-14 18:28 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign1b4a29de636be42f
2017-08-14 18:23 - 2017-08-14 18:23 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsignc0bab0ec0cf11e06
2017-08-14 18:17 - 2017-08-14 18:17 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign991be756ff36d9ed
2017-08-14 18:16 - 2017-08-14 18:16 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsignad11cc61bf043d49
2017-08-14 18:16 - 2017-08-14 18:16 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsigna9351cf5d5af130d
2017-08-14 18:15 - 2017-08-14 18:15 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign880927f307097e96
2017-08-14 18:15 - 2017-08-14 18:15 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Tempzxpsign68131fe99be3bf8d

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-13 15:23 - 2016-07-17 00:51 - 001661736 _____ C:\WINDOWS\system32\perfh007.dat
2017-09-13 15:23 - 2016-07-17 00:51 - 001166200 _____ C:\WINDOWS\system32\perfc007.dat
2017-09-13 15:23 - 2015-08-07 21:06 - 006159588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-13 15:21 - 2016-09-13 21:35 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-13 15:19 - 2016-09-13 21:34 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-13 15:19 - 2016-05-27 13:54 - 000000000 ___RD C:\Users\Gena_2\Creative Cloud Files
2017-09-13 15:19 - 2014-07-23 21:46 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Adobe
2017-09-13 15:19 - 2014-07-23 17:42 - 000000000 __SHD C:\Users\Gena_2\IntelGraphicsProfiles
2017-09-13 15:18 - 2016-09-13 21:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-13 15:18 - 2016-07-16 08:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-09-13 15:17 - 2016-09-17 14:50 - 000000000 ____D C:\Users\Gena_2\Documents\Outlook-Dateien
2017-09-13 15:17 - 2014-07-22 18:47 - 000000000 ____D C:\Users\genas_000\Documents\Outlook-Dateien
2017-09-12 18:44 - 2016-11-16 19:56 - 000282155 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-09-12 18:25 - 2014-02-11 07:34 - 000000000 ____D C:\ProgramData\Lenovo
2017-09-12 18:23 - 2016-12-20 23:21 - 000000000 ____D C:\Users\genas_000\AppData\LocalLow\Mozilla
2017-09-12 18:17 - 2016-09-13 21:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-12 17:34 - 2016-09-13 21:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\TVT
2017-09-12 17:34 - 2014-02-11 07:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-09-12 17:11 - 2016-07-16 08:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-09-11 22:25 - 2016-04-09 13:41 - 000000000 ____D C:\Users\Gena_2\AppData\Local\CrashDumps
2017-09-11 21:30 - 2016-09-25 23:00 - 000347648 ___SH C:\Users\Gena_2\Desktop\Thumbs.db
2017-09-11 21:17 - 2016-09-17 17:58 - 000000000 ____D C:\Users\genas_000\AppData\LocalLow\Temp
2017-09-11 20:05 - 2014-07-23 17:42 - 000000000 ____D C:\Users\Gena_2\AppData\Local\Packages
2017-09-10 21:54 - 2016-04-09 13:31 - 000000000 ____D C:\Users\genas_000\AppData\Local\CrashDumps
2017-09-10 14:46 - 2017-08-13 12:17 - 000125640 _____ (G Data Software) C:\WINDOWS\system32\Drivers\GRD.sys
2017-09-08 21:55 - 2017-08-12 22:30 - 000000000 ____D C:\Users\Gena_2\AppData\Roaming\gnupg
2017-09-08 21:04 - 2017-08-11 18:50 - 054567688 _____ C:\Users\Gena_2\Downloads\torbrowser-install-7.0.4_de.exe
2017-09-08 15:57 - 2016-09-13 21:36 - 000000000 ____D C:\Users\Gena_2
2017-09-08 15:57 - 2015-03-07 17:49 - 000000000 ____D C:\Users\Gena_2\AppData\Local\gtk-2.0
2017-09-06 16:06 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-06 16:01 - 2017-07-23 12:18 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4288807228-2172792055-1580508024-1002
2017-09-06 16:01 - 2014-07-23 17:23 - 000000000 __RDO C:\Users\genas_000\OneDrive
2017-09-06 15:59 - 2016-07-16 13:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-06 15:54 - 2014-07-23 17:58 - 000000000 ____D C:\Users\Gena_2\AppData\Roaming\DAEMON Tools Lite
2017-09-06 15:50 - 2017-05-24 21:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-06 15:50 - 2014-07-22 16:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-01 23:29 - 2014-07-23 21:11 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-09-01 21:43 - 2016-11-24 19:07 - 000000000 ____D C:\Users\Gena_2\AppData\LocalLow\Mozilla
2017-08-29 15:45 - 2015-12-03 11:46 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 15:45 - 2015-12-03 11:46 - 000002223 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-27 14:07 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-27 14:07 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-27 14:06 - 2014-08-24 11:17 - 000000000 ____D C:\Users\genas_000\AppData\Local\Adobe
2017-08-24 21:11 - 2014-07-22 13:17 - 000000000 ____D C:\Users\genas_000\AppData\Local\Packages
2017-08-24 18:54 - 2015-03-07 17:33 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-19 13:12 - 2017-08-11 21:34 - 007941944 _____ C:\Users\Gena_2\Downloads\KeePassX-2.0.3.zip
2017-08-15 21:10 - 2017-05-21 16:23 - 000000000 ____D C:\Users\Gena_2\AppData\Roaming\Garmin

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-07-22 13:18 - 2014-07-23 16:52 - 000005244 _____ () C:\Users\genas_000\AppData\Roaming\AbsoluteReminder.xml
2014-08-07 17:33 - 2014-08-07 17:33 - 000000000 _____ () C:\Users\genas_000\AppData\Roaming\gdfw.log
2014-08-07 17:33 - 2017-08-13 10:43 - 000001558 _____ () C:\Users\genas_000\AppData\Roaming\gdscan.log
2006-12-11 19:13 - 2006-12-11 19:13 - 000097336 _____ (Un4seen Developments) C:\Users\genas_000\AppData\Local\bass.dll
2006-12-11 19:13 - 2006-12-11 19:13 - 000013872 _____ (Un4seen Developments) C:\Users\genas_000\AppData\Local\basscd.dll
2007-08-13 17:46 - 2007-08-13 17:46 - 000102912 _____ (Albert L Faber) C:\Users\genas_000\AppData\Local\CDRip.dll
2007-08-13 17:46 - 2007-08-13 17:46 - 000155136 _____ () C:\Users\genas_000\AppData\Local\lame_enc.dll
2007-01-18 21:09 - 2007-01-18 21:09 - 000623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\genas_000\AppData\Local\No23 Recorder.exe
2005-08-23 22:34 - 2005-08-23 22:34 - 000029184 _____ () C:\Users\genas_000\AppData\Local\no23xwrapper.dll
2006-10-26 01:06 - 2006-10-26 01:06 - 000015872 _____ () C:\Users\genas_000\AppData\Local\ogg.dll
2014-10-08 15:02 - 2014-10-08 19:51 - 000001451 _____ () C:\Users\genas_000\AppData\Local\RecConfig.xml
2014-08-09 18:40 - 2016-09-17 16:47 - 000007598 _____ () C:\Users\genas_000\AppData\Local\Resmon.ResmonCfg
2006-10-26 01:06 - 2006-10-26 01:06 - 000143872 _____ () C:\Users\genas_000\AppData\Local\vorbis.dll
2006-10-26 01:06 - 2006-10-26 01:06 - 000064000 _____ () C:\Users\genas_000\AppData\Local\vorbisenc.dll
2006-10-26 01:06 - 2006-10-26 01:06 - 000019456 _____ () C:\Users\genas_000\AppData\Local\vorbisfile.dll
2016-09-13 21:35 - 2016-09-13 21:35 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-07-17 21:11 - 2017-07-18 13:10 - 000006299 _____ () C:\ProgramData\hpzinstall.log
2016-04-09 11:39 - 2016-04-09 11:39 - 000000016 _____ () C:\ProgramData\mntemp
2013-03-19 12:32 - 2013-03-19 12:32 - 000010011 _____ () C:\ProgramData\regid.2012-01.com.intel.discover-at_512FCF1B-3685-45F2-A1E9-63AEF7F79B35.swidtag

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-08 20:21

==================== Ende von FRST.txt ============================
         

13.09.2017, 14:26   #25
Gewin

Trojan suspicion, Win10 64bit



Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-09-2017
durchgeführt von *************** (13-09-2017 15:23:35)
Gestartet von C:\Users\Gena_2\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-13 19:51:32)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4288807228-2172792055-1580508024-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4288807228-2172792055-1580508024-1012 - Limited - Enabled)
DefaultAccount (S-1-5-21-4288807228-2172792055-1580508024-503 - Limited - Disabled)
Gast (S-1-5-21-4288807228-2172792055-1580508024-501 - Limited - Disabled) => C:\Users\Gast
*************** (S-1-5-21-4288807228-2172792055-1580508024-1002 - Administrator - Enabled) => C:\Users\genas_000
Gena_2 (S-1-5-21-4288807228-2172792055-1580508024-1003 - Limited - Enabled) => C:\Users\Gena_2
HomeGroupUser$ (S-1-5-21-4288807228-2172792055-1580508024-1022 - Limited - Enabled)
Lilia (S-1-5-21-4288807228-2172792055-1580508024-1046 - Limited - Enabled) => C:\Users\Lilia

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {A9C56A9B-ECCD-57EA-78F6-92511DA1C885}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {91FEEBBE-A6A2-56B2-53A9-3B64E3728FFE}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.0 - Absolute Software)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.22 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.10.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Ahnenblatt 2.97a (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.97.2.1 - Dirk Bцttcher)
Amolto Call Recorder Premium for Skype (HKLM-x32\...\{69F36B84-256D-47CA-A4AC-D04083709434}) (Version: 2.6.1 - Amolto)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.65 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (HKLM\...\{1B6B17C2-176C-433C-93F3-640D12825426}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
AusweisApp2 (HKLM-x32\...\{8BC126FD-2F56-4B56-9363-54C3D0027BC6}) (Version: 1.10.1 - Governikus GmbH & Co. KG)
Benutzerhandbuch (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden
BlackVue HD (HKLM-x32\...\BlackVueHD) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (HKLM-x32\...\{3D73DC7A-2D1D-45CF-8A67-24873925C716}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
Brief Vorlagen (HKLM-x32\...\Brief Vorlagen_is1) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX340 series - регистрация пользователя (HKLM-x32\...\Canon MX340 series - регистрация пользователя) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CrystalDiskMark 5.1.2 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.1.2 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0191 - Disc Soft Ltd)
DIG-CAD 4.0 (HKLM-x32\...\DIG-CAD 4.0) (Version:  - )
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
Download Master version 6.0.3.1433 (HKLM-x32\...\Download Master_is1) (Version: 6.0.3.1433 - WestByte)
Dragon Assistant Application de-DE Version 1.5.5 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.5 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service Version 1.1.9 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.9 - Nuance Communications, Inc.)
Dragon Assistant Language Data de-DE Version 1.1.2 (HKLM-x32\...\{FB671668-9AAC-41DC-872B-627418FB62D5}_is1) (Version: 1.1.2 - Nuance Communications, Inc.)
Dragon Assistant Version 1.5.5 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.5 - Nuance Communications, Inc.)
Elevated Installer (HKLM-x32\...\{BA007E03-72AE-4D2D-8A73-FA4B935D4015}) (Version: 5.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.24 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.24 - Lenovo)
Exif-Viewer 2.51  (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger)
Free DVD Video Converter (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.65.823 - Digital Wave Ltd)
Free MP4 Video Converter version 5.0.54.1215 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.54.1215 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.54.1215 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.54.1215 - DVDVideoSoft Ltd.)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.1.119 - DVDVideoSoft Ltd.)
FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.3.1 - AVM Berlin)
G DATA INTERNET SECURITY (HKLM-x32\...\G DATA INTERNET SECURITY) (Version: 25.4.0.1 - G DATA Software AG)
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{2f694ffe-66ec-4674-a32d-ec690281ca57}) (Version: 5.4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{BCEE507D-8D49-40FF-B437-70E3B9C2D51C}) (Version: 5.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{198E262D-8C4F-4131-91C7-1F81FB8688F1}) (Version: 5.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gpg4win (2.3.4) (HKLM-x32\...\GPG4Win) (Version: 2.3.4 - The Gpg4win Project)
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.9.0.8 - Intel) Hidden
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{6555226B-7295-4CFD-9D5B-9C8F394BE03A}) (Version: 4.1.41.2234 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{C605440F-2748-435F-9F29-EB1C8134856F}) (Version: 4.1.17.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d9e230c1-06bb-4b78-a9f1-c1ddce14e6fc}) (Version: 18.11.0 - Intel Corporation)
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.91.55 - Huawei Technologies Co.,Ltd)
IsoBuster 3.9 (HKLM-x32\...\IsoBuster_is1) (Version: 3.9 - Smart Projects)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
KÜCHEN QUELLE 3D (HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\SquareClock_Production_Home_KQ_Web) (Version:  - 3DVIA SAS)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
L&H TTS3000 Espaсol (HKLM-x32\...\LHTTSSPE) (Version:  - )
L&H TTS3000 Franзais (HKLM-x32\...\LHTTSFRF) (Version:  - )
L&H TTS3000 Italiano (HKLM-x32\...\LHTTSITI) (Version:  - )
L&H TTS3000 Portuguкs (Brasil) (HKLM-x32\...\LHTTSPTB) (Version:  - )
L&H TTS3000 Russian (HKLM-x32\...\LHTTSRUR) (Version:  - )
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10233 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0065 - Lenovo)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
Malwarebytes Version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Office 365 ProPlus - ru-ru (HKLM\...\O365ProPlusRetail - ru-ru) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Office Language Pack 2013  - Russian/русский (HKLM-x32\...\Office15.OMUI.ru-ru) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Outlook-Sicherung für Persönliche Ordner (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MKS Platform Components 9.x (HKLM\...\{30276636-0000-0905-9ABB-000BDB5CF35D}) (Version: 9.5.0000 - Mortice Kern Systems)
Motion Control (HKLM\...\Motion Control) (Version: 1.2.45.0 - Lenovo)
Mozilla Firefox 55.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 de)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
No23 Recorder (HKLM-x32\...\{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}) (Version: 2.1.0.3 - No23) Hidden
No23 Recorder (HKLM-x32\...\No23 Recorder) (Version: 2.1.0.3 - No23)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Grafiktreiber 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0419-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PlayMemories Camera Apps Downloader (HKLM-x32\...\{5C42BF1B-4586-4711-81A7-8D0F890A6A31}) (Version: 1.2.0.13221 - Sony Corporation)
Polar ProTrainer (HKLM-x32\...\{DF7DBA84-0A55-11D6-A0A6-6A7573736972}) (Version: 5.40.170 - )
Polar WebLink 2.4.15 (HKLM-x32\...\{2734FEDB-7A24-4F15-AC5C-3EC00414D4CC}) (Version: 02.50.0006 - Polar Electro Oy)
QUIK (HKLM-x32\...\{519A413F-6A45-4A48-AC2E-4A9C94C8F98A}_is1) (Version:  - СМВБ-Информационные технологии)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.21229 - Realtek Semiconductor Corp.)
REALTEK DTV USB DEVICE (HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remote Camera Control (HKLM-x32\...\{A32B85B2-5731-41E9-B431-3F4F5D6E664F}) (Version: 3.7.00000 - Sony Corporation)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Portable SSD T3 (HKLM-x32\...\Samsung Portable SSD T3_is1) (Version: 1.3 - Samsung Electronics)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SDI011 dual interface reader (HKLM-x32\...\{D0ED9100-DFFB-482C-8DB6-C626264757BD}) (Version: 1.01 - SCM Microsystems)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.7.1.1 - Seagate)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0100-0419-0000-0000000FF1CE}_Office15.OMUI.ru-ru_{DFA82E00-94E0-456C-B143-A2E1A90B1950}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1160 - Lenovo)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 7.0.0.0 - Stellar Information Technology Pvt Ltd.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
SurfEasy VPN 3.9.542 (HKLM-x32\...\SurfEasy VPN) (Version: 3.9.542 - SurfEasy Inc)
Sweet Home 3D version 5.1.1 (HKLM\...\Sweet Home 3D_is1) (Version: 5.1.1 - eTeks)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0419-0000-0000000FF1CE}_Office15.OMUI.ru-ru_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Vibraimage8 Lite (HKLM-x32\...\{32B4ED86-7931-47CC-B62C-52C9CB739E6F}_is1) (Version:  - ELSYS Corp.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WD Quick View (HKLM-x32\...\{2CE08B2D-856C-47D9-9F6A-BC691911BCD9}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{B11B695F-B5BF-4667-8291-682B3A73B5F8}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Засоби перевірки правопису Microsoft Office 2013 – Українська версія (HKLM-x32\...\{90150000-001F-0422-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2013 — русский (HKLM-x32\...\{90150000-001F-0419-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Энциклопедия Фэн-Шуй (HKLM-x32\...\{2694C6A0-A36A-4DCD-B43F-9CBFC9D7393F}) (Version: 1.00.0000 - Агенство Вызов)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [AVK9CM] -> {CAF4C320-32F5-11D3-A222-004095200FF2} => C:\Program Files (x86)\G Data\InternetSecurity\AVK\ShellExt64.dll [2017-06-08] (G DATA Software AG)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2017-07-06] (g10 Code GmbH)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2014-12-13] (Florian Heidenreich)
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1: [TR] -> {6A982F05-85C0-48c4-B17E-407176B160AD} =>  -> Keine Datei
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2014-12-13] (Florian Heidenreich)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers3: [Reisswolf] -> {1F0F1EE7-36B9-11D2-8985-0080ADA96E9B} => C:\Program Files (x86)\G Data\InternetSecurity\Shredder\Reisswlf64.dll [2017-06-08] (G DATA Software AG)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2017-07-06] (g10 Code GmbH)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2014-12-13] (Florian Heidenreich)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [TR] -> {6A982F05-85C0-48c4-B17E-407176B160AD} =>  -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-02] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-11-02] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-04-01] (NVIDIA Corporation)
ContextMenuHandlers5: [TR] -> {6A982F05-85C0-48c4-B17E-407176B160AD} =>  -> Keine Datei
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [AVK9CM] -> {CAF4C320-32F5-11D3-A222-004095200FF2} => C:\Program Files (x86)\G Data\InternetSecurity\AVK\ShellExt64.dll [2017-06-08] (G DATA Software AG)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [Reisswolf] -> {1F0F1EE7-36B9-11D2-8985-0080ADA96E9B} => C:\Program Files (x86)\G Data\InternetSecurity\Shredder\Reisswlf64.dll [2017-06-08] (G DATA Software AG)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {039B2D62-D86C-4D71-A3E5-9E1EF9AE46C8} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {0A27731B-0644-4062-ADF0-0AFD83B598EA} - System32\Tasks\Gena_2 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-05-10] (Seagate Technology LLC)
Task: {0FABADAA-5079-48C6-8A0A-0ABD016CC58F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {198E00EF-0EC1-4025-911B-5CE90632D071} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {2B2E2AD2-8AC9-4185-8305-4F24390A902B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {2F88D19A-556E-4BBC-905F-3FB0FDFEEC1C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-05] (Microsoft Corporation)
Task: {2FFF98D8-7ECF-4660-B437-0AE36010B04D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-03] (Google Inc.)
Task: {32A8A4BB-A436-4B23-8F55-0C8B032A1856} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-05-18] ()
Task: {33AB2FBF-EC93-4152-B490-F31977AF7796} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\107d2a06-f27d-4471-bd8d-50c6564e97aa => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3B8B8F6B-77BC-432C-B0FD-AFAD1F998184} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {3DDDA922-4DD7-4912-9AF7-455BDE6C560B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {4563D974-856B-42C7-A4A8-73967ABCD319} - System32\Tasks\AdobeAAMUpdater-1.0-BigCom-Gena_2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {473480E0-9D4B-41BC-BBA5-67CF41269E37} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\04054495-1a99-4b37-9c20-1d691b6175a9 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {48E9D8C9-2761-4284-B55B-24C8EFCA456C} - System32\Tasks\Samsung_PSSD_Registration => C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD Daemon.exe
Task: {4AF6F6B4-2BF2-4311-8579-9136AEE95063} - System32\Tasks\Gena_2 DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2017-05-10] (Seagate Technology LLC)
Task: {4C4B59C3-B8BC-43E6-9CB9-17EF37989396} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-08-10] (Microsoft Corporation)
Task: {547ECDD4-8BA2-4948-959A-2427DB30601C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {56A4F296-4DBB-4BA0-9DBF-31A9EDBF6FF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-03] (Google Inc.)
Task: {66BE7478-3082-4773-A506-64305CE3D70A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {70323029-858D-4ADD-90A8-2E72B7A2E07E} - System32\Tasks\Gena_22 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-05-10] (Seagate Technology LLC)
Task: {77973E8A-CCB9-466D-8AF3-B9E2F87DC3FC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {7A3C259E-E121-49E4-9755-A251DFE47278} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {968A7E06-BD15-4FBC-A6AE-D57226E2AC30} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {97E4A251-A276-4D50-9078-630F149BA7C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {97ED358D-36C8-4036-A210-DBF1729CFEA2} - System32\Tasks\Gena_21 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-05-10] (Seagate Technology LLC)
Task: {986DA129-70AE-4B81-A3A8-C2F4D410DF13} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Gena_2\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {9BC2B296-270E-455D-8911-77C889224D35} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {9ED4E3EA-4A16-4189-95B9-4D3F28867A03} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {AC1E0504-321F-4E19-8A49-4C3D89897DA4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-05] (Microsoft Corporation)
Task: {B0C360A4-A098-4E2E-ACB7-E1DDF62984E3} - System32\Tasks\*************** => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-05-10] (Seagate Technology LLC)
Task: {C3A1E82E-B71D-4E9C-B517-FEE16711404B} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2017-05-10] (Seagate Technology LLC)
Task: {D40095DF-2C22-4518-A3C7-6F63CD89DC85} - System32\Tasks\*************** DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2017-05-10] (Seagate Technology LLC)
Task: {D80986EA-20E0-4142-9888-6046758FDCCA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {DEF49A8E-CADA-4E58-93D8-67E0242F64ED} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\90550239-7ab8-4a99-8123-be5e4a37e3ec => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {DF1FACA5-2092-4B69-9F91-14BBA48448AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-05] (Microsoft Corporation)
Task: {E224D0C7-6B38-4D37-A29A-FAAEA39D34E6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\bbb4f7eb-223a-4cfb-aeb5-cae04ec41ebf => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {E6F85229-2129-4888-92D2-5E851347D80B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {E9433FBE-0605-408C-B476-89442C67EDC3} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {EF0B1B4C-C6E7-471A-9D7D-646B40C81902} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {FE51E7E7-011F-47E8-BCF3-0595F5E3B458} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {FF1133FB-0247-4224-8FC2-0411588B726D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\Users\genas_000\Desktop\Поиграй!.lnk -> C:\Program Files (x86)\Download Master\games.url () <==== Cyrillic
Shortcut: C:\Users\genas_000\Desktop\Энциклопедия Фэн-Шуй.lnk -> C:\Users\genas_000\AppData\Roaming\Microsoft\Installer\{2694C6A0-A36A-4DCD-B43F-9CBFC9D7393F}\_35987B591D36_44F6_A1C6_DD3345589997.exe () <==== Cyrillic
Shortcut: C:\Users\genas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Энциклопедия Фэн-Шуй\Энциклопедия Фэн-Шуй.lnk -> C:\Users\genas_000\AppData\Roaming\Microsoft\Installer\{2694C6A0-A36A-4DCD-B43F-9CBFC9D7393F}\_35987B591D36_44F6_A1C6_DD3345589997.exe () <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive для бизнеса.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype для бизнеса 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\QUIK БКС.lnk -> C:\BCS_Work\QUIK_BCS\info.exe (ARQA Technologies) <==== Cyrillic

ShortcutWithArgument: C:\Users\genas_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Энциклопедия Фэн-Шуй\Удаление.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {2694C6A0-A36A-4DCD-B43F-9CBFC9D7393F} <==== Cyrillic
ShortcutWithArgument: C:\Users\Public\Desktop\Аура VI+.lnk -> C:\ELSYS\Vibraimage8Lite\Vibraimage.exe (ELSYS Corp.) -> -type DZ <==== Cyrillic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-12 16:27 - 2017-06-21 09:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-06 14:46 - 2017-07-06 14:46 - 000216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-10-28 04:02 - 2013-10-28 04:02 - 000351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-07-23 21:11 - 2009-09-08 14:12 - 000116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-04-15 16:45 - 2013-04-15 16:45 - 000182760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-04-15 16:45 - 2013-04-15 16:45 - 000060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2017-04-06 20:22 - 2017-05-03 22:21 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-14 21:39 - 2017-03-14 21:39 - 001663368 _____ () C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
2015-05-04 20:47 - 2013-08-16 08:53 - 000671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2017-06-08 05:54 - 2017-06-08 05:54 - 000554984 _____ () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2016-03-01 17:09 - 2016-11-02 00:05 - 000401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-07-18 00:50 - 2017-07-18 00:50 - 000492112 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-16 19:54 - 2016-09-07 06:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 20:20 - 2017-03-04 08:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 20:20 - 2017-03-04 08:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 20:20 - 2017-03-04 08:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 20:20 - 2017-03-04 08:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-11 19:08 - 2017-03-04 08:05 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-08-11 19:08 - 2017-08-01 20:26 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-11 19:08 - 2017-08-01 20:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-08-24 20:44 - 2017-08-24 20:44 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-24 20:44 - 2017-08-24 20:44 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-24 20:44 - 2017-08-24 20:44 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-24 20:44 - 2017-08-24 20:44 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-04-07 09:41 - 2017-04-07 09:41 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-06-30 13:22 - 2017-06-30 13:22 - 000069632 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-02-11 07:34 - 2014-02-11 07:34 - 000172552 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2014-02-11 07:31 - 2013-04-17 16:26 - 000387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2014-02-11 07:31 - 2013-04-17 16:26 - 001165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2014-02-11 07:31 - 2013-04-17 16:26 - 000199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2014-02-11 07:31 - 2013-04-17 16:26 - 000035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2014-02-11 07:31 - 2013-04-17 16:26 - 001132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2014-02-11 07:31 - 2013-04-17 16:26 - 000229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2014-02-11 07:31 - 2013-04-17 16:25 - 000027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2015-01-04 16:57 - 2016-10-27 13:18 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-01-04 16:57 - 2016-10-27 13:18 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-01-04 16:57 - 2016-10-27 13:18 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-01-04 16:57 - 2016-10-27 13:18 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2017-07-06 14:33 - 2017-07-06 14:33 - 000222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2017-07-06 14:21 - 2017-07-06 14:21 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2017-07-06 14:33 - 2017-07-06 14:33 - 000073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2017-07-06 14:36 - 2017-07-06 14:36 - 000890880 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2017-07-06 14:27 - 2017-07-06 14:27 - 000103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2017-05-10 15:50 - 2017-05-10 15:50 - 000729792 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\PocoNet.dll
2017-03-14 21:40 - 2017-03-14 21:40 - 000078216 _____ () C:\Program Files (x86)\SurfEasy VPN\client\ZLIB1.dll
2015-05-04 20:47 - 2013-08-16 08:53 - 000011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2015-05-04 20:47 - 2013-08-16 08:53 - 000043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2015-05-04 20:47 - 2013-08-16 08:53 - 002417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2015-05-04 20:47 - 2013-08-16 08:53 - 001148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2017-04-06 20:22 - 2017-05-03 22:21 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-08-10 11:14 - 2016-08-10 11:14 - 040523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2014-02-11 07:34 - 2014-02-11 07:34 - 001623048 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2014-02-11 07:34 - 2014-02-11 07:34 - 000030728 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2017-06-22 18:56 - 2017-06-22 18:56 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-06-22 18:55 - 2017-06-22 18:55 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-07-13 10:12 - 2017-07-13 10:12 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-06-22 18:56 - 2017-06-22 18:56 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-05-19 23:49 - 2017-05-19 23:49 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-05-19 23:50 - 2017-05-19 23:50 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-07-13 10:07 - 2017-07-13 10:07 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-19 23:49 - 2017-05-19 23:49 - 000098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-05-19 23:50 - 2017-05-19 23:50 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2014-02-11 07:09 - 2013-05-09 14:23 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\sharepoint.com -> hxxps://htlsalzburg-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\127.0.0.1 -> hxxp://127.0.0.1
IE trusted site: HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\sharepoint.com -> hxxps://htlsalzburg.sharepoint.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2017-09-13 15:18 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\genas_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img4.jpg
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Gena_2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-4288807228-2172792055-1580508024-1003\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{7DCA83E0-AED3-4A40-A274-EC1D2CCFB027}] => (Allow) LPort=8888
FirewallRules: [{6CA095EE-2D95-423D-B630-8C61B1AB6952}] => (Allow) LPort=8888
FirewallRules: [{B29A7DB6-56EB-4EC9-B3EF-AD78A7AB69CE}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{7545A3D5-97C1-4B6F-8D49-5E1664613C2E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/13/2017 03:19:15 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (09/13/2017 03:19:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (09/13/2017 03:18:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname BigCom.local already in use; will try BigCom-2.local instead

Error: (09/13/2017 03:18:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 BigCom.local. Addr 192.168.178.25

Error: (09/13/2017 03:18:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.25:5353   16 BigCom.local. AAAA 2A02:810D:1B00:0254:EDA8:7C83:F2EC:0B47

Error: (09/13/2017 03:18:29 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWinPcapWrapper::InitializeDLL   You must be running with Free version of WinPcap!!!

Error: (09/13/2017 03:18:28 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (09/13/2017 03:18:28 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CWinPcapWrapper::InitializeDLL   Error starting WinPcap Professional: Unable to copy the WinPcap Professional files. Administrative privileges are required for this operation.

Error: (09/12/2017 06:39:06 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (09/12/2017 06:36:14 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n


Systemfehler:
=============
Error: (09/13/2017 03:23:13 PM) (Source: DCOM) (EventID: 10010) (User: BigCom)
Description: Der Server "{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/13/2017 03:19:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/13/2017 03:19:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/13/2017 03:19:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/13/2017 03:19:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/13/2017 03:18:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Manager. RunOuc" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (09/13/2017 03:18:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. RunOuc erreicht.

Error: (09/13/2017 03:18:33 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/13/2017 03:18:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Canon Inkjet Printer/Scanner/Fax Extended Survey Program" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/13/2017 03:18:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "System Interface Foundation Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 20 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2017-09-06 15:58:09.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltDll64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-06 15:49:15.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltDll64.dll that did not meet the Store signing level requirements.

  Date: 2016-09-28 22:25:30.242
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.240
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.236
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.233
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.226
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.214
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-28 22:25:30.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 8104.27 MB
Verfügbarer physikalischer RAM: 4620.78 MB
Summe virtueller Speicher: 9384.27 MB
Verfügbarer virtueller Speicher: 5570.35 MB

==================== Laufwerke ================================

Drive c: (Windows8_OS) (Fixed) (Total:122.8 GB) (Free:18.88 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Zwieschenspeicher) (Fixed) (Total:25 GB) (Free:4.78 GB) NTFS
Drive g: (LENOVO_S) (Fixed) (Total:51.88 GB) (Free:1.32 GB) NTFS
Drive h: (Volume) (Fixed) (Total:23.17 GB) (Free:6.88 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: BC09B5DB)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

13.09.2017, 14:34   #26
M-K-D-B
/// TB-Ausbilder

Hi,

is the problem with the CMD window still there?

13.09.2017, 14:59   #27
Gewin

unfortunately yes

13.09.2017, 15:52   #28
M-K-D-B
/// TB-Ausbilder

Hi,

since when exactly (date?) have you had the problem?

Did you install the extension "helper-sig@savefrom" yourself?

Run the following fix, report how things look after the restart, and post the log file:

  • Copy the contents of the following code box:
    Code:
    Start::
    HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
    HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx
    HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\MountPoints2: {50b30d4b-8405-11e6-bf7b-fcf8ae9ac78d} - "E:\run.exe" 
    HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\MountPoints2: {cba4bbd6-565a-11e6-bf56-fcf8ae9ac78d} - "J:\HPLauncher.exe" 
    CMD: type "C:\Users\Gena_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat"
    Reboot:
    End::
             
  • Now start FRST and click the "Entfernen" (Fix) button.
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory as FRST/FRST64.exe.
  • Your computer may need to be restarted for this.
  • Post the contents of fixlog.txt with your next reply.

13.09.2017, 17:10   #29
Gewin

Hi,

the problem has existed since approx. 06.2017

the extension "helper-sig@savefrom"!? means nothing to me, it probably sneaked in somehow.

The folder C:\WINDOWS\SysWOW64 gets opened again.

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 13-09-2017
durchgeführt von *************** (13-09-2017 18:11:28) Run:8
Gestartet von C:\Users\Gena_2\Desktop
Geladene Profile: *************** & Gena_2 (Verfügbare Profile: *************** & Gena_2 & Lilia & Gast & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************

HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\MountPoints2: {50b30d4b-8405-11e6-bf7b-fcf8ae9ac78d} - "E:\run.exe" 
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\...\MountPoints2: {cba4bbd6-565a-11e6-bf56-fcf8ae9ac78d} - "J:\HPLauncher.exe" 
CMD: type "C:\Users\Gena_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat"
Reboot:

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*EmptyTemp => Wert erfolgreich entfernt
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => Wert erfolgreich entfernt
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50b30d4b-8405-11e6-bf7b-fcf8ae9ac78d} => Schlüssel erfolgreich entfernt
HKLM\Software\Classes\CLSID\{50b30d4b-8405-11e6-bf7b-fcf8ae9ac78d} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-4288807228-2172792055-1580508024-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cba4bbd6-565a-11e6-bf56-fcf8ae9ac78d} => Schlüssel erfolgreich entfernt
HKLM\Software\Classes\CLSID\{cba4bbd6-565a-11e6-bf56-fcf8ae9ac78d} => Schlüssel nicht gefunden. 

========= type "C:\Users\Gena_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat" =========

@echo off
IF EXIST "%appdata%\..\Local\ZenMate\Update.exe" (
"%appdata%\..\Local\ZenMate\Update.exe" --processStart ZenMate.exe
) ELSE (
(goto) 2>nul & del "%~f0"
)


========= Ende von CMD: =========



Das System musste neu gestartet werden.

==== Ende von Fixlog 18:11:33 ====
         

Edited by Gewin (13.09.2017 at 17:16)

13.09.2017, 20:27   #30
M-K-D-B
/// TB-Ausbilder

Hi,

still the same problem after that?

Step 1
  • Copy the contents of the following code box:
    Code:
    Start::
    CloseProcesses:
    FF Extension: (SaveFrom.net helper) - C:\Users\genas_000\AppData\Roaming\Mozilla\Firefox\Profiles\30yofb6a.default-1460833065739\Extensions\helper-sig@savefrom.net.xpi [2017-09-12]
    Reboot:
    End::
             
  • Now start FRST and click the "Entfernen" (Fix) button.
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory as FRST/FRST64.exe.
  • Your computer may need to be restarted for this.
  • Post the contents of fixlog.txt with your next reply.

Step 2
  • Start FRST.exe again. Make sure there is a check mark in front of Addition.txt and click "Untersuchen" (Scan).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

With your next reply, please post
  • the log file of the FRST fix,
  • the two new log files from FRST (FRST.txt and Addition.txt).
