Hallo zusammen,

erstmal ein großes Lob für dieses Forum. Wenn man einen Virus hat kommt man hier einfach nicht drum rum.

Mein PC ist von heute auf morgen sehr sehr langsam. Spielt so gut wie keine Videos mehr (ruckelt nur) und auch das Virenprogramm findet nichts. Ein anderes Virenprogramm hat einiges gefunden und in die Quarantäne verschoben. Jedoch keine Besserung. Auch eins dieser anti-malware-Programme brachte auch keine Ergebnisse.

Leider bin ich wohl ziemlich blind und habe hier weder auf den FAQ noch auf der Checkliste gefunden wo man diese Logs erstellen kann.
Sorry dafür!!!


Ich hoffe mir kann jemand weiterhelfen, da ich den PC kaum nutzen kann.

PS: Avira hat ungewöhnlich lange (über 12 Stunden) für einen vollständigen Scan gebraucht ...


Besten Dank und viele Grüße

Hallo superzocker
Vorweg ich gehöre nicht zu den Helfern hier, ich würde Dir aber empfehlen Dich erst einmal hier durchzuarbeiten, um den Helfern Ihre Arbeit zu erleichtern.
https://www.trojaner-board.de/69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html
https://www.trojaner-board.de/125889-wichtig-bitte-alle-logs-funden-posten.html

Mit freundlichen Grüßen
Tim0

Zitat:

Zitat von superzocker

PS: Avira hat ungewöhnlich lange (über 12 Stunden) für einen vollständigen Scan gebraucht ...

Dann poste mal das Log von Avira. Schon ungewöhnlich, dass Avira was findet.

Code: Alles auswählenAufklappen

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-10-2017 01
durchgeführt von Lukas (03-10-2017 12:33:23)
Gestartet von C:\Users\Lukas\Desktop\Trojanerboard
Windows 8.1 (Update) (X64) (2014-07-09 12:07:19)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3922937922-1857203726-1302306953-500 - Administrator - Disabled)
Gast (S-1-5-21-3922937922-1857203726-1302306953-501 - Limited - Enabled) => C:\Users\Gast
Lukas (S-1-5-21-3922937922-1857203726-1302306953-1002 - Administrator - Enabled) => C:\Users\Lukas
sonstige (S-1-5-21-3922937922-1857203726-1302306953-1004 - Limited - Enabled) => C:\Users\sonstige
UpdatusUser (S-1-5-21-3922937922-1857203726-1302306953-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Emsisoft Anti-Malware (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveState ActivePython 2.7.8.10 (64-bit) (HKLM\...\{1C2C54C6-AC67-4BD7-825D-D16C10AE5ABF}) (Version: 2.7.10 - ActiveState Software Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
Avira (HKLM-x32\...\{1B48601D-0537-4589-9952-A8989BE8249A}) (Version: 1.2.96.16095 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.31.27 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Cossacks: Back to War (HKLM\...\Steam App 4850) (Version:  - GSC Game World)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3130 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3212 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.3202 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell C1765 Color MFP (HKLM-x32\...\{74A03F3A-8732-427C-B9F5-CE510DA5BAA8}) (Version: 1.052.0 - Dell Inc.) Hidden
Dell C1765 Color MFP (HKLM-x32\...\InstallShield_{74A03F3A-8732-427C-B9F5-CE510DA5BAA8}) (Version: 1.052.0 - Dell Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farming Simulator 17 (HKLM-x32\...\FarmingSimulator2017_is1) (Version: 1.0.0.0 - GIANTS Software)
Fotogalerie (HKLM-x32\...\{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1154543C-D5D0-49BE-A004-82EE0A3746AE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.11 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{26AA61D4-B04D-4E0D-8E20-94A8FF2EE64D}) (Version: 4.2.40.2439 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
korAccount (HKLM-x32\...\{BE8489BF-4A92-4887-BE07-274D375440D2}) (Version: 4.0.4.1 - Kornelius)
Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4963.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4963.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 de)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Mozilla Thunderbird 45.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.4.0 (x86 de)) (Version: 45.4.0 - Mozilla)
NVIDIA Grafiktreiber 326.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.80 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0407-1000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 42.0.2393.137 (HKLM-x32\...\Opera 42.0.2393.137) (Version: 42.0.2393.137 - Opera Software)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
Poker at bet365 (HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\bet365poker) (Version:  - )
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Web Companion (HKLM-x32\...\{01952e59-841e-4659-879e-db44483493cb}) (Version: 2.3.1479.2868 - Lavasoft)
Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wisdom-soft AutoScreenRecorder 3.1 Free (HKLM-x32\...\Wisdom-soft AutoScreenRecorder 3.1 Free) (Version:  - Wisdom Software Inc.)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{0DA70A2F-798A-4D17-99FE-5D385FE167D1}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{17FB2B53-BEBE-49A2-B1A3-7F2ACADC3C33}) (Version: 22.00.8811 - Buhl Data Service GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-23] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-23] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-07-30] (Cyberlink)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-04-26] (Apple Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-07-30] (Cyberlink)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2014-07-09] (Emsisoft GmbH)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2014-07-09] (Emsisoft GmbH)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-23] (AVAST Software)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2014-07-09] (Emsisoft GmbH)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2014-07-09] (Emsisoft GmbH)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-08-20] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-08-18] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-23] (AVAST Software)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2014-07-09] (Emsisoft GmbH)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2014-07-09] (Emsisoft GmbH)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6-x32: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2014-04-20] (IvoSoft)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {03DAD604-9332-4495-9BC4-71A5BE70572D} - System32\Tasks\{51496455-A5C2-4AC0-9814-A1950BDA4394} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.17.0.104/de/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {05D302E0-CD21-453D-A727-7725D423736B} - System32\Tasks\{6E6C010A-93AF-482B-8309-E42A754E4CC6} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.16.73.102.456/de/abandoninstall?page=tsProgressBar
Task: {09A67DB5-F8D7-4CA7-983F-075DAB498129} - System32\Tasks\{4DB7A395-D690-4826-8D07-27145E117FE4} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.16.73.102.456/de/abandoninstall?page=tsProgressBar
Task: {0A52EC88-FF33-4EBB-8039-2D5E79F4CC9D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {0B8EE425-D9B8-4F9C-AA29-5118CE94C34B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {13CB4529-7270-4C01-ABAB-FB8D54AD69D5} - \BlockAndSurf_wd -> Keine Datei <==== ACHTUNG
Task: {15AD4DF7-7220-41B5-8987-222CDA199985} - System32\Tasks\{03522C62-EFB3-4A15-AD60-71D9D8982BE2} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {267C319D-7B36-4DAC-AC1B-A1D0652B8113} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-09-23] (AVAST Software)
Task: {27D7C071-30AE-4349-87BE-315B8FF3A474} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-15] (Adobe Systems Incorporated)
Task: {2FAB8056-3C92-4FF8-84F0-9C20D513C880} - System32\Tasks\Opera scheduled Autoupdate 1411676062 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-16] (Opera Software)
Task: {313A67D9-6360-4600-982A-317BFAB0C6AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {48CB52FE-197C-47CE-B137-07B56C4F46AB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {4A15263D-60FE-4ABE-9BB2-A3D4B7CBAB47} - System32\Tasks\{4BBC70A1-506A-4513-9958-504CD0346F8A} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.16.73.102.456/de/abandoninstall?page=tsProgressBar
Task: {506F12A5-FC1A-43A5-9A00-5AEEDE9A0A3F} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {53FFC3DE-1F9A-4AEE-98D0-E181A6BA2389} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {5B11187C-D75B-4AE4-90F4-D4B99714EC4F} - System32\Tasks\{6FFE03CA-DA4F-4564-B9CB-F5DCF2FB0572} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.16.73.102.456/de/abandoninstall?page=tsProgressBar
Task: {6351D618-705E-4EE1-83C3-DB32A4F96C55} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {69CDCBE1-2489-4DAF-A2AC-BE232A870DBF} - System32\Tasks\{DE6E82A9-D254-45BC-82A5-9448B9EE5183} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.17.0.104/de/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {6D61A165-F4DA-497A-9933-796B7361FC40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CND8FDK46K => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {6DD34B78-8A15-4D50-813F-CB1BD9C2E3B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {80CB4888-0EC9-478A-9AEC-97151E56CF8C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-09-14] (Avira Operations GmbH & Co. KG)
Task: {85896823-057D-41AE-B758-2649AAFED8C1} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {8A69FC0C-F62F-442A-A581-F4B34083D333} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {8F1E7921-8290-4CA9-BBD1-5BE82D327AF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {8F68CBE6-7D7E-453D-9BE2-48521CDE4866} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {9F4DC57A-A534-468C-80E2-A0A3E989AD2C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-07-11] (Microsoft Corporation)
Task: {A9B411EC-FF50-4707-93FA-A4869437429A} - System32\Tasks\{0AD3ACB7-6F41-4863-85BB-38AECE39AE6D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.16.73.102.456/de/abandoninstall?page=tsProgressBar
Task: {A9CA9951-C57F-4C5E-BBFC-8D2AC16D394E} - \BlockAndSurf Update -> Keine Datei <==== ACHTUNG
Task: {A9DD1277-B12B-40DA-8648-DBC42EA0C277} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {BBBECFB0-10D6-4DEA-80CF-0ED90F6B6474} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {BDACA459-1EE2-478D-88EA-FCD76DAAD263} - System32\Tasks\{B8F375BE-BAD2-4B73-B22F-9738C73EE55F} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.24.73.104.456/de/abandoninstall?page=tsProgressBar
Task: {CE4382CF-FFD3-4558-ACE2-FFB8F6CB5B82} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {D14C167F-993E-40F6-81C6-F733F60BBBDA} - System32\Tasks\{04A804F3-82BF-4413-8405-250A55396B0D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.4.0.102/de/abandoninstall?page=tsProgressBar

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-03-28 14:31 - 2014-03-28 14:31 - 002110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 000021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 000367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 000712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-05-16 17:47 - 2012-06-20 15:15 - 000032768 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dltfm1zPP.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 001346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-21 22:01 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-23 19:25 - 2014-07-23 19:25 - 000243912 _____ () C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
2013-08-12 20:06 - 2013-08-12 20:06 - 000198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 20:06 - 2013-08-12 20:06 - 000054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 20:06 - 2013-08-12 20:06 - 000034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-03-28 14:36 - 2014-03-28 14:36 - 000065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2017-09-19 23:33 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-07-09 23:28 - 2014-06-18 15:50 - 000703800 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-02-19 10:36 - 2013-03-12 16:51 - 000626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 23:53 - 2013-03-12 23:53 - 000015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 001044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-23 00:31 - 2017-09-23 00:31 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-09-23 00:31 - 2017-09-23 00:31 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-09-23 00:31 - 2017-09-23 00:31 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-09-23 00:31 - 2017-09-23 00:31 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-09-23 00:31 - 2017-09-23 00:31 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-09-23 00:30 - 2017-09-23 00:30 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-23 00:31 - 2017-09-23 00:31 - 000685688 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-02-19 10:20 - 2013-08-09 14:25 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\StartupApproved\Run: => "HKCU"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{5EDD8235-BC77-4C85-84AE-BD6AED9C7CF7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{08F50CE2-D1A9-48E9-93DF-649D96C9E1D5}] => (Allow) LPort=2869
FirewallRules: [{1D004CDB-87A6-4FBD-89E8-D476A67EB36F}] => (Allow) LPort=1900
FirewallRules: [{005F1615-6375-41F4-8CCF-D4E543B9609A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{EAAD2A1E-D6D8-4F74-9A1C-4864D8AFC9F6}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{B5BBD5B7-8846-4F42-A83B-7C06FB065EED}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{51B223AA-DCD7-43E8-8EE2-A5ABAFD9B54D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{61AA8F28-E5F8-47B9-80CF-5CEC7B293C02}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{E3848C26-F4AA-4F2A-91D7-274FFB095576}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{20A3FA5F-AA49-4FAD-AC91-CF7491A23A36}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{014EAE99-4B30-46F4-AAE7-B1716658E74C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6F85F753-64A2-446E-8FD9-ABAA512145D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{69F69FA3-EB19-4611-B3EE-114A5262CE64}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{AAFB7315-577C-4649-908D-9B04EA58F284}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{331165B1-2EE1-4CFF-8F3D-A42008F89958}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{D548EFCE-BA05-422F-B5F4-B71830785B25}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{368FA9F3-A9C0-45A8-972C-5371D2EA7217}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{8F7AC404-6B6B-487E-8ABD-DA1A62E7958C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3F12812F-BED7-4837-A218-E6D6939895D8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6810AD81-7A7C-4C7A-9ED8-CD33F833A12A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{E5A43CF8-6DE6-4C4B-A53A-EEF9DE59031D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{644E523B-B6AC-4803-B5BD-403E7667A913}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FE0FEB6A-3ECA-4110-B219-9C24F00EA16D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{EAB72159-858C-47BD-A722-DEFABCB38E21}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{0ADF8515-05A9-452F-9324-0D3855D2D1B4}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{7A77D233-AB86-4575-86DF-982C713A1638}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{C99447C9-9CBE-466D-BEDD-79BF754AED0B}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{D91D4FED-2454-4918-A1A3-346E5331E260}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{2887FA78-8DE3-4236-8C22-A23976CA3C79}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [TCP Query User{2E35B35A-D863-4652-B86E-D4A5998946F7}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{836293CB-0FFD-4F9B-A27C-9A6C2B4D2A8D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{29793AF2-4259-4D98-A88A-9E4BE1D8386F}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{8778DCC3-2366-40D0-8CCD-B12558EFF153}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{DBCF8CD2-12D2-4150-BC75-EF5D450FEB6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6D0DA6E1-20EC-47F7-AA9C-8D3A1CA36ED7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A88A92B1-BAB2-41CB-B553-32FE43BD68FC}C:\users\lukas\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lukas\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2B202684-1CDD-4174-99E7-31E63450E4B1}C:\users\lukas\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lukas\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0BDD2666-1E5D-4E38-9BEA-ED2AD98EE930}C:\users\lukas\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lukas\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5791884A-7C91-4E9C-BDCD-4ACDE13FDB05}C:\users\lukas\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lukas\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A79692AD-A6E0-4BDB-8310-D871E84E3B6C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{728CE5E8-FF4E-4C14-AC6E-6ECB17A902FD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{822D244E-CCE2-49CC-870E-8D2C442CEF73}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{82CD1A74-BCC6-4868-B5A3-34170B227A06}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E2512148-8AD1-4A96-90E4-AEE92BA990E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5896F549-81E6-414B-B173-5D115E8170EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A5FE499F-BB98-43F3-9BDB-88ED8005C1AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2DFE89D1-A969-45EA-8AAD-7F1C5AFE8F29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{62A2EB92-EA6D-4FE7-9629-4D7FA8A8F218}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C36B333A-A6BA-4745-A760-58F76F6D9AF9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E06A4837-66D2-44D2-97E4-79FEF223447E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9725E36A-E8A4-430B-9EC7-47A4984A0EFD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{673E3EAF-735D-49AC-A800-0353DF82428E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{9B2C2D81-6829-45D7-B12E-6EE931922B0A}] => (Allow) C:\Program Files (x86)\Farming Simulator 2017\FarmingSimulator2017.exe
FirewallRules: [{7925BD0D-65DD-4B28-A368-B43D92F00BD1}] => (Allow) C:\Program Files (x86)\Farming Simulator 2017\FarmingSimulator2017.exe
FirewallRules: [{3A1541CC-0F4A-489C-9081-37D239178C60}] => (Allow) C:\Program Files (x86)\Farming Simulator 2017\x86\FarmingSimulator2017Game.exe
FirewallRules: [{77645D65-6EAB-42C5-8050-2A77B1E5BF8D}] => (Allow) C:\Program Files (x86)\Farming Simulator 2017\x86\FarmingSimulator2017Game.exe
FirewallRules: [{81308139-1903-4648-B1F2-B21F65887CAE}] => (Allow) C:\Program Files (x86)\Farming Simulator 2017\x64\FarmingSimulator2017Game.exe
FirewallRules: [{44265A09-E565-4C53-9D87-ADCBDF6CDF5A}] => (Allow) C:\Program Files (x86)\Farming Simulator 2017\x64\FarmingSimulator2017Game.exe
FirewallRules: [{90851F5E-EFB6-4A2D-9340-A4F28EB39293}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3336D69-1FA6-4517-AF9E-A813CA101438}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6CC4C63F-21CB-4CB7-BCD1-AD04032D4F27}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4682D443-7620-4FEA-A188-97D34A539BA4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6B6A30B2-CBC9-45D9-A245-E0EF727B0340}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cossacks Back to War\bin\csbtw.exe
FirewallRules: [{B9385F54-3D5D-48CF-9A9C-F996F5CAB340}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cossacks Back to War\bin\csbtw.exe
FirewallRules: [{DF512A11-C112-4899-8E2F-A2B9D98A5F76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cossacks Back to War\bin\HView.exe
FirewallRules: [{31B622CD-B5D8-443A-81E0-A8433BFB1AAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cossacks Back to War\bin\HView.exe
FirewallRules: [{964EA3B0-74D9-4917-9BFC-F7315793FFBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cossacks Back to War\bin\ScenarioEditor.exe
FirewallRules: [{BF33A353-B79D-4A41-BA74-D1DD8FE4AE41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cossacks Back to War\bin\ScenarioEditor.exe
FirewallRules: [{2565BA41-9D68-48C1-888C-47824B6BB397}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cossacks Back to War\bin\cshlp.exe
FirewallRules: [{0740D66B-FE47-4FB4-87D4-A38569F2562C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cossacks Back to War\bin\cshlp.exe
FirewallRules: [{F03FC135-3E2B-4CF4-BED5-EF21DB8E76C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cossacks Back to War\bin\dmcr.exe
FirewallRules: [{93E8995E-5E99-4F95-8FAA-4B6EAF218A1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cossacks Back to War\bin\dmcr.exe
FirewallRules: [{EF0705B4-6BE3-41F6-8CC5-45B25B453DF4}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{DD82C2CD-0D9B-471F-B422-FDB99333B8CF}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{7C0E44A1-7597-4D82-AB23-5D5C68BE3B55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cossacks Back to War\bin\dmcr.exe
FirewallRules: [{EA961CE3-1714-4D5A-9FF5-B99C700EDA48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cossacks Back to War\bin\dmcr.exe
FirewallRules: [{18C736D3-860F-40C7-9EC9-D1BAA99C551B}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{D6A4EADC-9600-443F-9165-AD1CE43EBF61}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{1C44F03E-C6CA-41C3-B2DA-F958D0FE434C}] => (Allow) C:\Program Files (x86)\Opera\42.0.2393.137_0\opera.exe
FirewallRules: [{4D87931B-696C-424D-97CB-299397B7F032}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Wiederherstellungspunkte =========================

22-09-2017 18:43:25 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/24/2017 08:56:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2680, Zeitstempel: 0x52111a6a
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000012ba9a
ID des fehlerhaften Prozesses: 0x1190
Startzeit der fehlerhaften Anwendung: 0x01d335024770bfc8
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 86b768e7-a0f5-11e7-82e3-a01d48fb08bb
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/24/2017 08:55:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2680, Zeitstempel: 0x52111a6a
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000012ba9a
ID des fehlerhaften Prozesses: 0x1b64
Startzeit der fehlerhaften Anwendung: 0x01d33502112399f8
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 53903929-a0f5-11e7-82e3-a01d48fb08bb
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/24/2017 07:29:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: msoia.exe, Version: 15.0.4919.1000, Zeitstempel: 0x58c7b4cc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000012ba9a
ID des fehlerhaften Prozesses: 0x1ee8
Startzeit der fehlerhaften Anwendung: 0x01d334f607c29a89
Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 4ec1edb9-a0e9-11e7-82e3-a01d48fb08bb
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/24/2017 07:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x545040f5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000012ba9a
ID des fehlerhaften Prozesses: 0xc04
Startzeit der fehlerhaften Anwendung: 0x01d334f6033bc696
Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 48e3c1b0-a0e9-11e7-82e3-a01d48fb08bb
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/23/2017 11:59:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: msoia.exe, Version: 15.0.4919.1000, Zeitstempel: 0x58c7b4cc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000012ba9a
ID des fehlerhaften Prozesses: 0x16b0
Startzeit der fehlerhaften Anwendung: 0x01d334b728817654
Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 816c925a-a0aa-11e7-82e3-a01d48fb08bb
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/23/2017 11:59:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x545040f5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000012ba9a
ID des fehlerhaften Prozesses: 0x19f8
Startzeit der fehlerhaften Anwendung: 0x01d334b725ef64b6
Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 6a2c8fe7-a0aa-11e7-82e3-a01d48fb08bb
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/23/2017 11:43:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x545040f5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000012ba9a
ID des fehlerhaften Prozesses: 0x1e8c
Startzeit der fehlerhaften Anwendung: 0x01d334b50d24265d
Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 4b13bd40-a0a8-11e7-82e3-a01d48fb08bb
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/23/2017 11:43:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2680, Zeitstempel: 0x52111a6a
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000012ba9a
ID des fehlerhaften Prozesses: 0x1d98
Startzeit der fehlerhaften Anwendung: 0x01d334b50532220b
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 44e41595-a0a8-11e7-82e3-a01d48fb08bb
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/23/2017 11:42:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x54504134
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000012ba9a
ID des fehlerhaften Prozesses: 0x17e8
Startzeit der fehlerhaften Anwendung: 0x01d334b4ddeae096
Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 1ba35830-a0a8-11e7-82e3-a01d48fb08bb
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/23/2017 11:42:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x54504134
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000012ba9a
ID des fehlerhaften Prozesses: 0x1d48
Startzeit der fehlerhaften Anwendung: 0x01d334b4dce49d39
Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 1aa1d97a-a0a8-11e7-82e3-a01d48fb08bb
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (10/03/2017 12:15:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wondershare Application Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (10/03/2017 12:15:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Wondershare Application Framework Service erreicht.

Error: (10/03/2017 12:13:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎24.‎09.‎2017 um 11:28:17 unerwartet heruntergefahren.

Error: (09/24/2017 07:41:57 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70.

Error: (09/24/2017 02:34:01 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/23/2017 11:42:36 PM) (Source: DCOM) (EventID: 10010) (User: HP-ENVY-j105)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/23/2017 11:42:34 PM) (Source: DCOM) (EventID: 10010) (User: HP-ENVY-j105)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/23/2017 11:42:32 PM) (Source: DCOM) (EventID: 10010) (User: HP-ENVY-j105)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/23/2017 11:42:31 PM) (Source: DCOM) (EventID: 10010) (User: HP-ENVY-j105)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/23/2017 11:42:29 PM) (Source: DCOM) (EventID: 10010) (User: HP-ENVY-j105)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


CodeIntegrity:
===================================
  Date: 2015-02-24 16:44:43.344
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-24 16:44:43.266
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-22 21:13:35.198
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-22 21:13:35.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-13 22:06:36.370
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-13 22:06:36.277
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-12 19:31:18.071
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-12 19:31:17.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-11 20:30:53.365
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-11 20:30:53.287
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 12220.02 MB
Verfügbarer physikalischer RAM: 8850.95 MB
Summe virtueller Speicher: 14076.02 MB
Verfügbarer virtueller Speicher: 10317.71 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:681.17 GB) (Free:402.32 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.69 GB) (Free:1.67 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1E1F4777)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

Code: Alles auswählenAufklappen

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2017 01
durchgeführt von Lukas (Administrator) auf HP-ENVY-J105 (03-10-2017 12:32:51)
Gestartet von C:\Users\Lukas\Desktop\Trojanerboard
Geladene Profile: UpdatusUser & Lukas (Verfügbare Profile: UpdatusUser & Lukas & sonstige & Gast)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
() C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe.old
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_27_0_0_130.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_27_0_0_130.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Users\Lukas\Downloads\Trojanerboard\FRST64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-02] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-23] (AVAST Software)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-07-23] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [LauncherC1765nf] => C:\Program Files (x86)\Dell Printers\Printer SSW\Launcher\dlm1launcher.exe [2471928 2013-08-13] (Dell Inc.)
HKLM-x32\...\Run: [StatusAutoRunC1765nf] => C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe [3846856 2014-07-23] (Dell Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\Run: [Spotify Web Helper] => C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-11-06] (Spotify Ltd)
HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074336 2017-09-27] (Valve Corporation)
HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\MountPoints2: {22e164ed-46a7-11e5-829b-a01d48fb08bb} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\MountPoints2: {2616167d-2fa7-11e4-826b-a01d48fb08bb} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\MountPoints2: {36d59514-156e-11e4-8267-a01d48fb08bb} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\MountPoints2: {d3667577-71b0-11e4-8279-a01d48fb08bb} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-02-19]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2B715723-C260-49CE-A888-0DB5E0372283}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{59058F7F-07DC-42A6-AA42-EF44BFBC18BA}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
URLSearchHook: [S-1-5-21-3922937922-1857203726-1302306953-1001] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {333F16B1-26A4-4EE6-86E4-CC4CDE08DA62} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-3922937922-1857203726-1302306953-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3922937922-1857203726-1302306953-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-09-23] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-09-23] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\rfryvurn.default [2017-10-03]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\rfryvurn.default -> Bing®
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\rfryvurn.default -> default-search.net
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\rfryvurn.default -> Bing®
FF Homepage: Mozilla\Firefox\Profiles\rfryvurn.default -> www.google.de
FF NetworkProxy: Mozilla\Firefox\Profiles\rfryvurn.default -> autoconfig_url", "hxxp://chaturbate.com/"
FF NetworkProxy: Mozilla\Firefox\Profiles\rfryvurn.default -> type", 2
FF Extension: (Avast SafePrice) - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\rfryvurn.default\Extensions\sp@avast.com.xpi [2017-09-23]
FF Extension: (Avast Online Security) - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\rfryvurn.default\Extensions\wrc@avast.com.xpi [2017-09-23]
FF HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\rfryvurn.default\extensions\cliqz@cliqz.com => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-15] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-21] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-10-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-09-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-23] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-23] (AVAST Software)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [402768 2017-08-30] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3059440 2017-07-18] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 DLNBDB; C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe [243912 2014-07-23] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [Datei ist nicht signiert]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [Datei ist nicht signiert]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe [440832 2016-12-07] (Wondershare) [Datei ist nicht signiert]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320528 2017-09-23] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-09-23] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343296 2017-09-23] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-09-23] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47016 2017-09-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147784 2017-09-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-09-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-09-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1016384 2017-09-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [590880 2017-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [199312 2017-09-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361784 2017-10-03] (AVAST Software)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [60920 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176224 2017-09-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [167464 2017-09-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [44488 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [88488 2017-09-14] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [38048 2017-09-14] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2016-12-30] (Kingsoft Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [101824 2017-10-03] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-10-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-10-03] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [94144 2017-10-03] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-22] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-02] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-02] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-10-03 12:23 - 2017-10-03 12:31 - 000000000 ____D C:\Users\Lukas\Desktop\Trojanerboard
2017-09-23 23:35 - 2017-09-23 23:35 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-09-23 00:33 - 2017-09-23 00:33 - 000001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-09-23 00:33 - 2017-09-23 00:33 - 000000000 ____D C:\Users\Lukas\AppData\Roaming\AVAST Software
2017-09-23 00:33 - 2017-09-23 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-09-23 00:32 - 2017-10-03 12:22 - 000361784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-09-23 00:32 - 2017-09-23 00:33 - 000199312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-09-23 00:32 - 2017-09-23 00:32 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-09-23 00:32 - 2017-09-23 00:31 - 001016384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-09-23 00:32 - 2017-09-23 00:31 - 000590880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-09-23 00:32 - 2017-09-23 00:31 - 000361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.150702614143702
2017-09-23 00:32 - 2017-09-23 00:31 - 000147784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-09-23 00:32 - 2017-09-23 00:31 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-09-23 00:32 - 2017-09-23 00:31 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-09-23 00:32 - 2017-09-23 00:31 - 000047016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-09-23 00:32 - 2017-09-23 00:30 - 000343296 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-09-23 00:32 - 2017-09-23 00:30 - 000320528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-09-23 00:32 - 2017-09-23 00:30 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-09-23 00:32 - 2017-09-23 00:30 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-09-23 00:31 - 2017-09-23 00:31 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-09-23 00:30 - 2017-10-03 12:16 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-23 00:30 - 2017-09-23 00:30 - 000000000 ____D C:\Program Files\AVAST Software
2017-09-22 18:26 - 2017-09-23 01:43 - 000000000 ____D C:\ProgramData\AVAST Software
2017-09-22 18:24 - 2017-09-22 18:24 - 006948808 _____ (AVAST Software) C:\Users\Lukas\Downloads\avast_free_antivirus_setup_online2310.exe
2017-09-22 18:23 - 2017-09-22 18:23 - 008182736 _____ (Malwarebytes) C:\Users\Lukas\Downloads\adwcleaner_7.0.2.1.exe
2017-09-20 22:08 - 2017-09-20 22:08 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2017-09-20 22:08 - 2017-09-14 23:30 - 000176224 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-09-20 22:08 - 2017-09-14 23:30 - 000167464 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-09-20 22:08 - 2017-09-14 23:30 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-09-20 22:08 - 2017-09-14 23:30 - 000060920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2017-09-20 22:08 - 2017-09-14 23:30 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-09-20 22:08 - 2017-09-14 23:30 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-09-20 21:41 - 2017-09-20 21:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-09-20 21:30 - 2017-09-20 21:30 - 001532424 _____ (CHIP Digital GmbH) C:\Users\Lukas\Downloads\AntiVir Avira Free Antivirus - CHIP-Installer.exe
2017-09-19 23:34 - 2017-10-03 12:23 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-19 23:34 - 2017-10-03 12:16 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-19 23:33 - 2017-10-03 12:16 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-19 23:33 - 2017-09-19 23:33 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-19 23:33 - 2017-09-19 23:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-19 23:33 - 2017-09-19 23:33 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-19 23:33 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-18 20:14 - 2017-09-18 20:14 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger
2017-09-15 15:55 - 2017-08-19 19:27 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-15 15:55 - 2017-08-19 18:48 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-15 15:55 - 2017-08-18 00:07 - 000537200 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-09-15 15:55 - 2017-08-18 00:07 - 000140016 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-09-15 15:55 - 2017-08-18 00:03 - 000450392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-09-15 15:55 - 2017-08-18 00:03 - 000136832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-09-15 15:55 - 2017-08-15 16:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-15 15:55 - 2017-08-15 16:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-15 15:55 - 2017-08-15 16:01 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-09-15 15:55 - 2017-08-15 16:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-15 15:55 - 2017-08-15 15:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-15 15:55 - 2017-08-13 20:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-15 15:55 - 2017-08-13 19:19 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-15 15:55 - 2017-08-13 19:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-15 15:55 - 2017-08-13 19:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-15 15:55 - 2017-08-13 18:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-15 15:55 - 2017-08-13 18:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-15 15:55 - 2017-08-13 18:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-15 15:55 - 2017-08-13 18:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-15 15:55 - 2017-08-13 18:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-15 15:55 - 2017-08-13 18:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-15 15:55 - 2017-08-13 18:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-15 15:55 - 2017-08-13 18:21 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-09-15 15:55 - 2017-08-13 18:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-15 15:55 - 2017-08-13 18:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-15 15:55 - 2017-08-13 18:15 - 007078912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-09-15 15:55 - 2017-08-13 18:14 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-09-15 15:55 - 2017-08-13 18:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-15 15:55 - 2017-08-13 18:05 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-15 15:55 - 2017-08-13 18:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-15 15:55 - 2017-08-13 18:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-15 15:55 - 2017-08-13 18:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-15 15:55 - 2017-08-13 17:52 - 005274624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-09-15 15:55 - 2017-08-13 17:52 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2017-09-15 15:55 - 2017-08-13 17:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-09-15 15:55 - 2017-08-13 17:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-15 15:55 - 2017-08-13 17:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-15 15:55 - 2017-08-13 17:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-15 15:55 - 2017-08-13 17:44 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-15 15:55 - 2017-08-13 17:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-15 15:55 - 2017-08-13 17:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-15 15:55 - 2017-08-13 17:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-15 15:55 - 2017-08-13 17:25 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-09-15 15:55 - 2017-08-13 17:18 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-09-15 15:55 - 2017-08-13 17:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-15 15:55 - 2017-08-13 17:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-15 15:55 - 2017-08-13 17:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-15 15:55 - 2017-08-13 17:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-15 15:55 - 2017-08-12 11:30 - 022361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-15 15:55 - 2017-08-12 11:26 - 019789736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-15 15:55 - 2017-08-12 02:39 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-09-15 15:55 - 2017-08-12 01:59 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-15 15:55 - 2017-08-12 01:58 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-15 15:55 - 2017-08-12 01:58 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-15 15:55 - 2017-08-11 22:46 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-09-15 15:55 - 2017-08-11 22:29 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-09-15 15:55 - 2017-08-11 22:13 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-09-15 15:55 - 2017-08-11 05:30 - 004170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-15 15:55 - 2017-08-11 05:27 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-15 15:55 - 2017-08-11 05:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-15 15:55 - 2017-08-11 04:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-09-15 15:55 - 2017-08-11 04:08 - 001753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-09-15 15:55 - 2017-08-11 04:08 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-09-15 15:55 - 2017-08-11 04:02 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-09-15 15:55 - 2017-08-11 03:52 - 001491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-09-15 15:55 - 2017-08-11 03:49 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-15 15:55 - 2017-08-11 03:44 - 001095680 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-15 15:55 - 2017-08-11 03:43 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-15 15:55 - 2017-08-11 03:41 - 000307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-15 15:55 - 2017-08-06 23:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2017-09-15 15:55 - 2017-08-06 09:13 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-09-15 15:55 - 2017-07-22 20:34 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2017-09-15 15:55 - 2017-07-22 19:32 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2017-09-15 15:55 - 2017-07-17 21:53 - 004298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-09-15 15:55 - 2017-07-17 01:55 - 003551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-09-15 15:55 - 2017-07-14 01:03 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-09-15 15:55 - 2017-07-12 22:29 - 000420440 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2017-09-15 15:55 - 2017-07-12 22:29 - 000075440 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-15 15:55 - 2017-07-12 22:25 - 000308872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2017-09-15 15:55 - 2017-07-12 22:25 - 000066112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-15 15:55 - 2017-07-08 21:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-15 15:55 - 2017-07-08 20:43 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-15 15:55 - 2017-07-08 20:30 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-15 15:55 - 2017-07-08 20:20 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-15 15:55 - 2017-07-08 19:25 - 001436160 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-15 15:55 - 2017-07-08 19:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-15 15:55 - 2017-07-08 05:14 - 000100184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-10-03 12:32 - 2014-07-10 19:22 - 000000000 ____D C:\FRST
2017-10-03 12:22 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2017-10-03 12:20 - 2014-07-09 16:01 - 000000000 ____D C:\Users\Lukas\AppData\Roaming\ClassicShell
2017-10-03 12:20 - 2014-07-09 14:13 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3922937922-1857203726-1302306953-1002
2017-10-03 12:19 - 2017-06-27 19:19 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-03 12:18 - 2016-12-12 00:18 - 000000000 ____D C:\Users\Lukas\AppData\LocalLow\Mozilla
2017-10-03 12:18 - 2015-09-09 21:30 - 000000000 ___RD C:\Users\Lukas\iCloudDrive
2017-10-03 12:18 - 2014-07-09 14:09 - 000000000 ____D C:\Users\Lukas\Documents\Youcam
2017-10-03 12:16 - 2014-07-09 23:28 - 000000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2017-10-03 12:14 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-24 08:56 - 2014-07-09 21:14 - 000000000 ____D C:\Users\Lukas\AppData\Local\CrashDumps
2017-09-23 23:33 - 2014-02-19 10:20 - 000000000 ____D C:\Users\UpdatusUser
2017-09-23 23:28 - 2014-07-09 14:07 - 000000000 ____D C:\Users\Lukas
2017-09-23 23:27 - 2014-09-25 22:14 - 000000000 ____D C:\Program Files (x86)\Opera
2017-09-23 00:30 - 2014-07-11 19:18 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-09-22 18:30 - 2017-04-01 00:10 - 000000000 ____D C:\Users\Lukas\AppData\Local\Downloaded Installations
2017-09-22 18:30 - 2017-01-17 21:51 - 000000000 ____D C:\Users\Lukas\AppData\Roaming\Lavasoft
2017-09-22 18:30 - 2017-01-17 21:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-09-22 18:30 - 2017-01-17 21:51 - 000000000 ____D C:\ProgramData\Lavasoft
2017-09-22 18:30 - 2017-01-17 21:51 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2017-09-22 18:29 - 2014-07-09 21:48 - 000000000 ____D C:\AdwCleaner
2017-09-22 18:28 - 2014-09-25 22:14 - 000003876 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1411676062
2017-09-22 18:28 - 2014-09-25 22:14 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-09-21 06:21 - 2014-07-09 20:53 - 000000000 ____D C:\Users\Lukas\AppData\Roaming\Skype
2017-09-20 22:08 - 2014-12-27 21:10 - 000000000 ____D C:\ProgramData\Avira
2017-09-20 22:08 - 2014-12-27 21:10 - 000000000 ____D C:\Program Files (x86)\Avira
2017-09-20 22:08 - 2014-07-09 23:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-09-20 21:31 - 2014-07-09 20:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-20 00:05 - 2006-01-08 08:08 - 000000000 _RSHD C:\Users\Lukas\AppData\Roaming\install
2017-09-19 23:48 - 2014-07-09 23:33 - 000000000 ____D C:\Users\Lukas\AppData\Roaming\vlc
2017-09-19 23:33 - 2014-07-11 19:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-18 20:15 - 2014-02-19 10:23 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-18 20:09 - 2014-10-21 22:01 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-09-16 18:46 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2017-09-16 17:47 - 2013-08-22 16:44 - 000520272 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-16 12:40 - 2013-08-22 17:36 - 000000000 ___RD C:\Windows\ToastData
2017-09-16 12:39 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2017-09-15 21:17 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-15 16:00 - 2014-07-12 18:25 - 000000000 ____D C:\Windows\system32\MRT
2017-09-15 15:58 - 2014-07-12 18:24 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-15 15:35 - 2014-12-14 20:47 - 000004342 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-15 15:35 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-15 15:35 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-09 13:00 - 2017-03-02 22:28 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-09 13:00 - 2014-07-09 20:53 - 000000000 ____D C:\ProgramData\Skype

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2005-04-15 14:31 - 2015-02-24 21:22 - 000015767 ____H () C:\Users\Lukas\AppData\Roaming\Lukaslog.dat
2017-02-18 20:50 - 2017-02-18 20:50 - 000000857 _____ () C:\Users\Lukas\AppData\Local\recently-used.xbel

Einige Dateien in TEMP:
====================
2014-12-05 14:39 - 2015-01-05 22:57 - 000000000 ____D () C:\Users\Gast\AppData\Local\Temp\avgnt.exe
2014-12-04 22:27 - 2014-12-27 21:12 - 000000000 ____D () C:\Users\Lukas\AppData\Local\Temp\avgnt.exe
2017-05-18 23:12 - 2012-11-23 23:52 - 000759912 _____ (Microsoft Corporation) C:\Users\Lukas\AppData\Local\Temp\OfficeSetup.exe
2015-01-06 01:49 - 2015-01-06 01:49 - 000000000 ____D () C:\Users\sonstige\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-23 04:39

==================== Ende von FRST.txt ============================
         

Berichte Malwarebytes:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 19.09.17
Scan-Zeit: 23:35
Protokolldatei: 77615f0a-9d82-11e7-8740-a01d48fb08bb.json
Administrator: Ja

-Softwaredaten-
Version: 3.2.2.2029
Komponentenversion: 1.0.188
Version des Aktualisierungspakets: 1.0.2845
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: HP-ENVY-j105\Lukas

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 449201
Erkannte Bedrohungen: 60
In die Quarantäne verschobene Bedrohungen: 54
Abgelaufene Zeit: 29 Min., 26 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 16
PUP.Optional.SettingsManager, HKU\S-1-5-21-3922937922-1857203726-1302306953-501\SOFTWARE\SmdmF, Löschen bei Neustart, [6655], [242949],1.0.2845
PUP.Optional.Conduit, HKU\S-1-5-21-3922937922-1857203726-1302306953-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Löschen bei Neustart, [570], [236865],1.0.2845
PUP.Optional.Conduit, HKU\S-1-5-21-3922937922-1857203726-1302306953-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Löschen bei Neustart, [570], [236865],1.0.2845
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [570], [236865],1.0.2845
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [570], [236865],1.0.2845
PUP.Optional.Conduit, HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In Quarantäne, [570], [236865],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-3922937922-1857203726-1302306953-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, Löschen bei Neustart, [10048], [237679],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, In Quarantäne, [10048], [237679],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, In Quarantäne, [10048], [237679],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, In Quarantäne, [10048], [237679],1.0.2845
PUP.Optional.FreeSoftToday, HKLM\SOFTWARE\WOW6432NODE\FrEeSoFtOdAy, In Quarantäne, [3367], [238538],1.0.2845
PUP.Optional.SettingsManager, HKLM\SOFTWARE\WOW6432NODE\SmdmF, In Quarantäne, [6655], [242950],1.0.2845
PUP.Optional.Revizer.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\BlockAndSurf Update, In Quarantäne, [8992], [250933],1.0.2845
PUP.Optional.Revizer.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, In Quarantäne, [8992], [-1],0.0.0
PUP.Optional.Revizer.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\BlockAndSurf_wd, In Quarantäne, [8992], [250933],1.0.2845
PUP.Optional.FastStart, HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [11346], [238267],1.0.2845

Registrierungswert: 30
Backdoor.SpyNet, HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|HKCU, In Quarantäne, [254], [198951],1.0.2845
PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, [8996], [-1],0.0.0
PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, [8996], [-1],0.0.0
PUP.Optional.Conduit, HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, [570], [236865],1.0.2845
PUP.Optional.Conduit, HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, In Quarantäne, [570], [236865],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|DISPLAYNAME, In Quarantäne, [10048], [237679],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|URL, In Quarantäne, [10048], [237679],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|SUGGESTIONSURL_JSON, In Quarantäne, [10048], [237679],1.0.2845
PUP.Optional.Bandoo.AppFlsh, HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|FAVICONPATH, In Quarantäne, [8903], [253585],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|DISPLAYNAME, In Quarantäne, [10048], [237681],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|DISPLAYNAME, In Quarantäne, [10048], [237681],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|URL, In Quarantäne, [10048], [237681],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|URL, In Quarantäne, [10048], [237681],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|SUGGESTIONSURL_JSON, In Quarantäne, [10048], [237681],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|SUGGESTIONSURL_JSON, In Quarantäne, [10048], [237681],1.0.2845
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|FAVICONPATH, In Quarantäne, [8903], [253597],1.0.2845
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|FAVICONPATH, In Quarantäne, [8903], [253597],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-3922937922-1857203726-1302306953-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|DISPLAYNAME, In Quarantäne, [10048], [237679],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-3922937922-1857203726-1302306953-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|URL, In Quarantäne, [10048], [237679],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-3922937922-1857203726-1302306953-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}|SUGGESTIONSURL_JSON, In Quarantäne, [10048], [237679],1.0.2845
PUP.Optional.Revizer.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Entfernung fehlgeschlagen, [8992], [-1],0.0.0
PUP.Optional.Revizer.PrxySvrRST, HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In Quarantäne, [8992], [-1],0.0.0
PUP.Optional.Revizer.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Entfernung fehlgeschlagen, [8992], [-1],0.0.0
PUP.Optional.Revizer.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Entfernung fehlgeschlagen, [8992], [-1],0.0.0
PUP.Optional.Revizer.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Entfernung fehlgeschlagen, [8992], [-1],0.0.0
PUP.Optional.Revizer.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Entfernung fehlgeschlagen, [8992], [-1],0.0.0
PUP.Optional.Revizer.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Entfernung fehlgeschlagen, [8992], [-1],0.0.0
PUP.Optional.Revizer.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In Quarantäne, [8992], [-1],0.0.0
PUP.Optional.Revizer.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In Quarantäne, [8992], [-1],0.0.0
PUP.Optional.FastStart, HKU\S-1-5-21-3922937922-1857203726-1302306953-1002\SOFTWARE\MOZILLA\EXTENDS|APPID, In Quarantäne, [11346], [238267],1.0.2845

Registrierungsdaten: 1
PUP.Optional.HelperBar, HKU\S-1-5-21-3922937922-1857203726-1302306953-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Ersetzt, [11445], [293091],1.0.2845

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 2
PUP.Optional.FreeSoftwareToday, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\FREESOFTODAY, In Quarantäne, [11377], [177296],1.0.2845
PUP.Optional.DataMngr.AppFlsh, C:\USERS\GAST\APPDATA\LOCALLOW\DATAMNGR, In Quarantäne, [8996], [181454],1.0.2845

Datei: 11
Backdoor.SpyNet, C:\USERS\LUKAS\APPDATA\ROAMING\INSTALL\SVCHOST.EXE, In Quarantäne, [254], [198951],1.0.2845
PUP.Optional.FreeSoftwareToday, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FrEeSoFtOdAy\Freesofttoday.lnk, In Quarantäne, [11377], [177296],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS\DEFAULT-SEARCH.XML, In Quarantäne, [10048], [237677],1.0.2845
PUP.Optional.WebInstr, C:\WINDOWS\SYSTEM32\DRIVERS\Msft_Kernel_webinstr_01009.Wdf, In Quarantäne, [14363], [244814],1.0.2845
PUP.Optional.DataMngr.AppFlsh, C:\Users\Gast\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}64, In Quarantäne, [8996], [181454],1.0.2845
PUP.Optional.Conduit, C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RFRYVURN.DEFAULT\PREFS.JS, Ersetzt, [570], [301520],1.0.2845
PUP.Optional.DefaultSearch.ShrtCln, C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RFRYVURN.DEFAULT\PREFS.JS, Ersetzt, [10048], [301536],1.0.2845
PUP.Optional.DownloadGuide, C:\$RECYCLE.BIN\S-1-5-21-3922937922-1857203726-1302306953-1002\$RJTS2MW.EXE, In Quarantäne, [182], [100902],1.0.2845
PUP.Optional.DownloadSponsor, C:\USERS\LUKAS\APPDATA\LOCAL\TEMP\DMR\DMR_72.EXE, In Quarantäne, [515], [373684],1.0.2845
PUP.Optional.SpeedingUpMyPC, C:\USERS\LUKAS\APPDATA\LOCAL\TEMP\IS45637729\21980965_STP.EXE, In Quarantäne, [910], [331684],1.0.2845
PUP.Optional.DownloadGuide, C:\USERS\LUKAS\DOWNLOADS\KORACCOUNT_CB-DL-MANAGER.EXE, In Quarantäne, [182], [100902],1.0.2845

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         

Ich wollte das Log von Avira. Die Auswertung von Farbar Malwarebytes erfolgt in der Malwarefraktion. Dort gibt es dafür die Fachleute.

Hey Felix,

sorry dass ich mich so lang nicht gemeldet habe. Wird immer misteriöser. Am Anfang geht er manchmal einigermasen und nach paar minuten geht so gut wie gar nichts. Bis ich avira und co. überhaupt offen habe vergeht eine ewigkeit.

War zwar der meinung das avira vor kurzem was gefunden habe, jedoch finde ich keinen bericht, der einen fund enthält ...???

wie könnte ich jetzt noch weiterkommen?


besten dank viele grüße

Code: Alles auswählenAufklappen

ATTFilter

AV: Emsisoft Anti-Malware (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
         

Du hast drei AV drauf und wunderst dich dass der Rechner langsam ist? Dein Ernst?

Wenn du ne Lizenz für Emsi hast, lass das drauf, ansonsten alles deinstallieren!!