| |
| |||||||
Log-Analyse und Auswertung: mein System ist extrem langsam, es wird durch etwas ausgebremst das von malwarebytes nicht gefunden wirdWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
17.12.2017, 21:52
| #1 |
 |  mein System ist extrem langsam, es wird durch etwas ausgebremst das von malwarebytes nicht gefunden wird Hallo mein computer braucht sehr lange zum aufstarten und tools wie z.b. excel, word oder den browser (firefox) zu starten. Ich habe mal frst durchlaufen lassen, die logs findet ihr im anschluss. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
durchgeführt von BTA_AW- (Administrator) auf ASUSLAPTOPRUEDI (17-12-2017 18:51:11)
Gestartet von C:\Users\BTA_AW-\Desktop\Trojaner-Board.de
Geladene Profile: BTA_AW- & DefaultAppPool (Verfügbare Profile: BTA_AW- & BTA-User & ruedi & Gast & DefaultAppPool)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "D:\Firefox\firefox.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY Production LLC) D:\Abbyy\ABBYY PDF Transformer+\NetworkLicenseServer.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(VMware, Inc.) D:\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) D:\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) D:\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-21] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-21] (WinZip Computing, S.L.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (CANON INC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => D:\KeePass_Password_Safe_2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-10-18] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1053656 2017-07-04] (DivX, LLC)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128608 2007-06-17] (CANON INC.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-30] (Google Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-01-30]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2011-01-30]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{286dd5ce-1e90-47c7-a1b5-646b1d6289bc}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5dc6ac75-fa1d-471e-a601-9b379d96dc3f}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7c89e611-9766-4b18-b3c7-2a0ba85376ef}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9ef5c35a-5672-427d-9082-44029a91ba6c}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{a1645a7f-20fd-4451-bef3-2cc5f2262fd2}: [NameServer] 62.109.121.17
Tcpip\..\Interfaces\{c758c481-fc2e-4658-9551-f30aef4ba5cb}: [NameServer] 195.67.199.27
Tcpip\..\Interfaces\{c75cc92e-271c-472c-aa06-967ea07d3e66}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d0ae4d03-70cb-466b-a3a9-638d3b764934}: [NameServer] 62.109.121.17
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=de-ch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-14] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-14] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-2957650136-178916342-3901743012-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\BTA_AW-\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\BTA-AD~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\BTA-AD~1\AppData\Local\Temp\f5tmp\urxhost.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-06-01] (Skype Technologies)
FireFox:
========
FF DefaultProfile: d75ytnjn.default
FF ProfilePath: C:\Users\BTA_AW-\AppData\Roaming\Mozilla\Firefox\Profiles\rbfsl4sw.default-1490712399358 [2017-12-17]
FF Extension: (F5 Networks Host Plugin) - C:\Users\BTA_AW-\AppData\Roaming\Mozilla\Firefox\Profiles\rbfsl4sw.default-1490712399358\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2017-03-31] [Legacy]
FF ProfilePath: C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default [2017-10-05]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-cs@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-de@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (English (US) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Español (España) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Finnish Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-fi@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Français Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-fr@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Galego (España) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-gl@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-he@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-hu@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-it@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Japanese Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-ja@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Korean (KR) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-ko@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-nl@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Polski Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-pl@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Russian (RU) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-ru@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-sl@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (српски (sr) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-sr@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\netsight@nielsen.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-03-04] [Legacy] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-17] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-08-07] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\npfirefoxtracker.dll [Keine Datei]
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2013-05-30] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2957650136-178916342-3901743012-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0; D:\Abby\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2010-02-01] (ABBYY)
R2 ABBYY.Licensing.PDFTransformer.Classic.4.0; D:\Abbyy\ABBYY PDF Transformer+\NetworkLicenseServer.exe [965848 2015-06-22] (ABBYY Production LLC)
R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-08] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-12-05] (Dropbox, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [Datei ist nicht signiert]
R2 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [Datei ist nicht signiert]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [Datei ist nicht signiert]
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] () [Datei ist nicht signiert]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [Datei ist nicht signiert]
R2 vmware-converter-agent; D:\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [423576 2012-10-15] (VMware, Inc.)
R2 vmware-converter-server; D:\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423576 2012-10-15] (VMware, Inc.)
R2 vmware-converter-worker; D:\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423576 2012-10-15] (VMware, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [74352 2011-03-15] (VMware, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-02] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-12-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-17] (Malwarebytes)
R1 MpKsl86754805; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{33C715AE-35D4-45A9-9C06-2FF544985A0D}\MpKsl86754805.sys [58120 2017-12-17] (Microsoft Corporation)
S3 mtkmbim; C:\WINDOWS\System32\drivers\mtkmbim7_x64.sys [282448 2017-01-03] (MBB)
S3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2017-05-18] (The OpenVPN Project)
S3 RRNetCap; C:\WINDOWS\system32\DRIVERS\rrnetcap.sys [37480 2013-01-14] (RapidSolution Software AG)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 seehcri; C:\WINDOWS\System32\drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R2 TurboB; C:\WINDOWS\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
S3 wdf_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [82944 2017-01-03] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
U3 idsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-12-17 18:51 - 2017-12-17 18:51 - 000000000 ____D C:\FRST
2017-12-17 18:40 - 2017-12-17 18:51 - 000000000 ____D C:\Users\BTA_AW-\Desktop\Trojaner-Board.de
2017-12-17 18:22 - 2017-12-17 18:22 - 000000000 ___HD C:\OneDriveTemp
2017-12-17 18:07 - 2017-12-17 18:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-17 18:04 - 2017-12-17 18:04 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-12 21:45 - 2017-11-30 04:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-12 21:45 - 2017-11-30 04:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-12 21:45 - 2017-11-30 04:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-12 21:45 - 2017-11-30 04:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-12 21:45 - 2017-11-30 03:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-12 21:45 - 2017-11-30 03:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-12 21:45 - 2017-11-30 03:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-12 21:45 - 2017-11-30 03:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-12 21:45 - 2017-11-30 03:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-12 21:45 - 2017-11-30 03:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-12 21:45 - 2017-11-30 03:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-12 21:45 - 2017-11-30 03:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-12 21:45 - 2017-11-30 03:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-12 21:45 - 2017-11-30 03:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-12 21:45 - 2017-11-30 03:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-12 21:45 - 2017-11-30 03:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-12 21:45 - 2017-11-30 03:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-12 21:45 - 2017-11-30 03:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-12 21:45 - 2017-11-30 03:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-12 21:45 - 2017-11-30 03:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-12 21:45 - 2017-11-30 03:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-12 21:45 - 2017-11-30 03:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-12 21:45 - 2017-11-30 03:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-12 21:45 - 2017-11-30 03:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-12 21:45 - 2017-11-30 03:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-12 21:45 - 2017-11-30 03:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-12 21:45 - 2017-11-30 03:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-12 21:45 - 2017-11-30 03:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-12 21:45 - 2017-11-30 03:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-12 21:45 - 2017-11-30 03:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-12 21:45 - 2017-11-30 03:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-12 21:45 - 2017-11-30 03:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-12 21:45 - 2017-11-30 03:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-12 21:45 - 2017-11-30 03:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-12 21:45 - 2017-11-30 03:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-12 21:45 - 2017-11-17 10:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-12 21:45 - 2017-11-17 10:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-12 21:44 - 2017-11-30 04:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-12 21:44 - 2017-11-30 04:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-12 21:44 - 2017-11-30 04:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-12 21:44 - 2017-11-30 04:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-12 21:44 - 2017-11-30 04:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-12 21:44 - 2017-11-30 03:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-12 21:44 - 2017-11-30 03:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-12 21:44 - 2017-11-30 03:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-12 21:44 - 2017-11-30 03:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-12 21:44 - 2017-11-30 03:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-12 21:44 - 2017-11-30 03:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-12 21:44 - 2017-11-30 03:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-12 21:44 - 2017-11-30 03:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-12 21:44 - 2017-11-30 03:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-12 21:44 - 2017-11-30 03:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-12 21:44 - 2017-11-30 03:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-12 21:44 - 2017-11-30 03:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-12 21:44 - 2017-11-30 03:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-12 21:44 - 2017-11-30 03:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-12 21:44 - 2017-11-30 03:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-12 21:44 - 2017-11-30 03:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-12 21:44 - 2017-11-30 03:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-12 21:44 - 2017-11-30 03:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-12 21:44 - 2017-11-17 10:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-12 21:44 - 2017-11-17 10:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-12 21:44 - 2017-11-17 10:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-12 21:44 - 2017-11-17 10:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-12 21:44 - 2017-11-17 10:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-12 21:44 - 2017-11-17 10:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-12 21:44 - 2017-11-17 10:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-12 21:44 - 2017-11-17 10:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-12 21:44 - 2017-11-17 09:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-12 21:44 - 2017-11-17 09:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-11 17:36 - 2017-12-11 18:02 - 000001708 _____ C:\Users\BTA_AW-\Downloads\Gospelprojekt 2017.zip
2017-12-08 19:28 - 2017-12-08 19:28 - 000007043 _____ C:\Users\BTA_AW-\AppData\Local\recently-used.xbel
2017-12-05 23:34 - 2017-12-05 23:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-05 02:06 - 2017-12-05 02:06 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-12-05 02:06 - 2017-12-05 02:06 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-12-04 18:38 - 2017-12-04 18:38 - 000423049 _____ C:\Users\BTA_AW-\Downloads\Maenneerweekend2018_web.pdf
2017-12-02 15:12 - 2017-12-02 15:12 - 000150586 _____ C:\Users\BTA_AW-\Downloads\doc(10).pdf
2017-12-02 15:12 - 2017-12-02 15:12 - 000149112 _____ C:\Users\BTA_AW-\Downloads\doc(9).pdf
2017-12-02 15:12 - 2017-12-02 15:12 - 000149111 _____ C:\Users\BTA_AW-\Downloads\doc(8).pdf
2017-12-02 15:12 - 2017-12-02 15:12 - 000149109 _____ C:\Users\BTA_AW-\Downloads\doc(11).pdf
2017-11-26 15:51 - 2017-11-26 15:51 - 000427256 _____ (Roadkil.Net ) C:\Users\BTA_AW-\Downloads\UnstopCpy_5_2_Win2K_UP_Setup.exe
2017-11-25 16:35 - 2017-11-25 16:35 - 000079579 _____ C:\Users\BTA_AW-\Downloads\eTicket_25112017163535_3377511_59735771.pdf
2017-11-25 16:31 - 2017-11-25 16:31 - 000079579 _____ C:\Users\BTA_AW-\Downloads\eTicket_25112017163137_3377511_59497459.pdf
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-12-17 18:33 - 2016-11-19 10:49 - 000000000 ____D C:\Users\BTA_AW-\AppData\LocalLow\Mozilla
2017-12-17 18:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-12-17 18:22 - 2016-03-13 11:42 - 000000000 ___RD C:\Users\BTA_AW-\OneDrive
2017-12-17 18:21 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-17 18:21 - 2016-03-13 11:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-17 18:09 - 2017-07-18 13:56 - 000000000 ____D C:\Users\BTA_AW-
2017-12-17 18:07 - 2017-10-18 19:53 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-17 18:07 - 2017-10-18 19:53 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-17 18:07 - 2017-10-18 19:53 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-17 18:07 - 2017-07-18 13:50 - 000437600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-17 18:06 - 2017-07-18 14:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-17 18:05 - 2017-03-18 12:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-12-17 18:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-12-17 18:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-17 18:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-12-17 18:04 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-17 17:37 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-17 17:34 - 2016-03-13 11:35 - 000000000 ____D C:\Users\BTA_AW-\AppData\Local\Packages
2017-12-17 17:29 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-17 17:26 - 2017-07-18 13:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-17 17:09 - 2017-07-18 13:55 - 003325330 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-17 17:09 - 2017-03-20 05:35 - 001559454 _____ C:\WINDOWS\system32\perfh007.dat
2017-12-17 17:09 - 2017-03-20 05:35 - 000385326 _____ C:\WINDOWS\system32\perfc007.dat
2017-12-17 17:00 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-17 17:00 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 22:11 - 2013-08-14 12:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-12 22:00 - 2017-10-16 17:04 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-12 22:00 - 2011-03-25 11:10 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-12 21:14 - 2017-07-18 14:34 - 000004174 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7031A4AE-2238-4B34-989A-EB74E2386289}
2017-12-09 09:57 - 2017-09-23 09:23 - 000000000 ____D C:\Users\BTA_AW-\.gimp-2.8
2017-12-08 19:28 - 2016-11-22 21:50 - 000000000 ____D C:\Users\BTA_AW-\AppData\Local\gtk-2.0
2017-12-08 17:47 - 2017-08-20 22:53 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2957650136-178916342-3901743012-1000
2017-12-08 17:47 - 2016-03-13 11:42 - 000002442 _____ C:\Users\BTA_AW-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-05 23:34 - 2016-07-08 15:10 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-12-02 03:25 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-02 03:25 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-30 04:04 - 2009-07-29 07:03 - 000395310 __RSH C:\bootmgr
2017-11-22 17:28 - 2016-07-22 13:35 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-19 17:59 - 2017-11-02 20:52 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
2017-11-19 17:58 - 2017-11-02 20:52 - 000000000 ____D C:\ProgramData\WinZip
2017-11-19 17:11 - 2011-03-24 18:37 - 000000000 ____D C:\Users\BTA_AW-\AppData\Roaming\Mozilla
2017-11-18 05:17 - 2012-08-15 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-02-25 18:13 - 2016-04-29 18:38 - 000021872 _____ () C:\Users\BTA_AW-\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2011-12-27 18:28 - 2016-04-29 18:35 - 000021876 _____ () C:\Users\BTA_AW-\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2013-04-26 16:56 - 2013-04-26 16:56 - 000022232 _____ () C:\Users\BTA_AW-\AppData\Roaming\Microsoft Excel 97-2003.ADR
2016-04-29 18:41 - 2016-04-29 18:41 - 000022426 _____ () C:\Users\BTA_AW-\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2012-03-31 18:49 - 2013-01-14 17:11 - 000000000 _____ () C:\Users\BTA_AW-\AppData\Roaming\Woodwinds
2012-03-31 18:50 - 2013-01-14 17:12 - 000000000 _____ () C:\Users\BTA_AW-\AppData\Roaming\Work - Home
2012-03-31 18:49 - 2013-01-14 17:11 - 000000000 _____ () C:\Users\BTA_AW-\AppData\Roaming\Workflows
2017-12-08 19:28 - 2017-12-08 19:28 - 000007043 _____ () C:\Users\BTA_AW-\AppData\Local\recently-used.xbel
2013-01-26 20:06 - 2015-01-10 12:43 - 000007616 _____ () C:\Users\BTA_AW-\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-12-10 22:43
==================== Ende von FRST.txt ============================
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
durchgeführt von BTA_AW- (Administrator) auf ASUSLAPTOPRUEDI (17-12-2017 18:51:11)
Gestartet von C:\Users\BTA_AW-\Desktop\Trojaner-Board.de
Geladene Profile: BTA_AW- & DefaultAppPool (Verfügbare Profile: BTA_AW- & BTA-User & ruedi & Gast & DefaultAppPool)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "D:\Firefox\firefox.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY Production LLC) D:\Abbyy\ABBYY PDF Transformer+\NetworkLicenseServer.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(VMware, Inc.) D:\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) D:\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) D:\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-21] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-21] (WinZip Computing, S.L.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (CANON INC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => D:\KeePass_Password_Safe_2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-10-18] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1053656 2017-07-04] (DivX, LLC)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128608 2007-06-17] (CANON INC.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-30] (Google Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-01-30]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2011-01-30]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{286dd5ce-1e90-47c7-a1b5-646b1d6289bc}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5dc6ac75-fa1d-471e-a601-9b379d96dc3f}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7c89e611-9766-4b18-b3c7-2a0ba85376ef}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9ef5c35a-5672-427d-9082-44029a91ba6c}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{a1645a7f-20fd-4451-bef3-2cc5f2262fd2}: [NameServer] 62.109.121.17
Tcpip\..\Interfaces\{c758c481-fc2e-4658-9551-f30aef4ba5cb}: [NameServer] 195.67.199.27
Tcpip\..\Interfaces\{c75cc92e-271c-472c-aa06-967ea07d3e66}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d0ae4d03-70cb-466b-a3a9-638d3b764934}: [NameServer] 62.109.121.17
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=de-ch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-14] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-14] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-2957650136-178916342-3901743012-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\BTA_AW-\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\BTA-AD~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\BTA-AD~1\AppData\Local\Temp\f5tmp\urxhost.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-06-01] (Skype Technologies)
FireFox:
========
FF DefaultProfile: d75ytnjn.default
FF ProfilePath: C:\Users\BTA_AW-\AppData\Roaming\Mozilla\Firefox\Profiles\rbfsl4sw.default-1490712399358 [2017-12-17]
FF Extension: (F5 Networks Host Plugin) - C:\Users\BTA_AW-\AppData\Roaming\Mozilla\Firefox\Profiles\rbfsl4sw.default-1490712399358\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2017-03-31] [Legacy]
FF ProfilePath: C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default [2017-10-05]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-cs@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-de@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (English (US) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Español (España) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Finnish Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-fi@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Français Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-fr@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Galego (España) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-gl@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-he@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-hu@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-it@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Japanese Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-ja@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Korean (KR) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-ko@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-nl@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Polski Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-pl@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Russian (RU) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-ru@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-sl@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (српски (sr) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-sr@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\netsight@nielsen.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-03-04] [Legacy] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-17] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-08-07] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\npfirefoxtracker.dll [Keine Datei]
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2013-05-30] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2957650136-178916342-3901743012-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0; D:\Abby\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2010-02-01] (ABBYY)
R2 ABBYY.Licensing.PDFTransformer.Classic.4.0; D:\Abbyy\ABBYY PDF Transformer+\NetworkLicenseServer.exe [965848 2015-06-22] (ABBYY Production LLC)
R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-08] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-12-05] (Dropbox, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [Datei ist nicht signiert]
R2 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [Datei ist nicht signiert]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [Datei ist nicht signiert]
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] () [Datei ist nicht signiert]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [Datei ist nicht signiert]
R2 vmware-converter-agent; D:\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [423576 2012-10-15] (VMware, Inc.)
R2 vmware-converter-server; D:\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423576 2012-10-15] (VMware, Inc.)
R2 vmware-converter-worker; D:\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423576 2012-10-15] (VMware, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [74352 2011-03-15] (VMware, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-02] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-12-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-17] (Malwarebytes)
R1 MpKsl86754805; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{33C715AE-35D4-45A9-9C06-2FF544985A0D}\MpKsl86754805.sys [58120 2017-12-17] (Microsoft Corporation)
S3 mtkmbim; C:\WINDOWS\System32\drivers\mtkmbim7_x64.sys [282448 2017-01-03] (MBB)
S3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2017-05-18] (The OpenVPN Project)
S3 RRNetCap; C:\WINDOWS\system32\DRIVERS\rrnetcap.sys [37480 2013-01-14] (RapidSolution Software AG)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 seehcri; C:\WINDOWS\System32\drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R2 TurboB; C:\WINDOWS\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
S3 wdf_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [82944 2017-01-03] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
U3 idsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-12-17 18:51 - 2017-12-17 18:51 - 000000000 ____D C:\FRST
2017-12-17 18:40 - 2017-12-17 18:51 - 000000000 ____D C:\Users\BTA_AW-\Desktop\Trojaner-Board.de
2017-12-17 18:22 - 2017-12-17 18:22 - 000000000 ___HD C:\OneDriveTemp
2017-12-17 18:07 - 2017-12-17 18:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-17 18:04 - 2017-12-17 18:04 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-12 21:45 - 2017-11-30 04:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-12 21:45 - 2017-11-30 04:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-12 21:45 - 2017-11-30 04:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-12 21:45 - 2017-11-30 04:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-12 21:45 - 2017-11-30 03:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-12 21:45 - 2017-11-30 03:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-12 21:45 - 2017-11-30 03:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-12 21:45 - 2017-11-30 03:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-12 21:45 - 2017-11-30 03:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-12 21:45 - 2017-11-30 03:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-12 21:45 - 2017-11-30 03:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-12 21:45 - 2017-11-30 03:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-12 21:45 - 2017-11-30 03:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-12 21:45 - 2017-11-30 03:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-12 21:45 - 2017-11-30 03:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-12 21:45 - 2017-11-30 03:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-12 21:45 - 2017-11-30 03:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-12 21:45 - 2017-11-30 03:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-12 21:45 - 2017-11-30 03:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-12 21:45 - 2017-11-30 03:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-12 21:45 - 2017-11-30 03:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-12 21:45 - 2017-11-30 03:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-12 21:45 - 2017-11-30 03:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-12 21:45 - 2017-11-30 03:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-12 21:45 - 2017-11-30 03:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-12 21:45 - 2017-11-30 03:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-12 21:45 - 2017-11-30 03:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-12 21:45 - 2017-11-30 03:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-12 21:45 - 2017-11-30 03:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-12 21:45 - 2017-11-30 03:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-12 21:45 - 2017-11-30 03:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-12 21:45 - 2017-11-30 03:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-12 21:45 - 2017-11-30 03:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-12 21:45 - 2017-11-30 03:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-12 21:45 - 2017-11-30 03:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-12 21:45 - 2017-11-17 10:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-12 21:45 - 2017-11-17 10:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-12 21:44 - 2017-11-30 04:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-12 21:44 - 2017-11-30 04:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-12 21:44 - 2017-11-30 04:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-12 21:44 - 2017-11-30 04:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-12 21:44 - 2017-11-30 04:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-12 21:44 - 2017-11-30 03:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-12 21:44 - 2017-11-30 03:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-12 21:44 - 2017-11-30 03:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-12 21:44 - 2017-11-30 03:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-12 21:44 - 2017-11-30 03:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-12 21:44 - 2017-11-30 03:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-12 21:44 - 2017-11-30 03:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-12 21:44 - 2017-11-30 03:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-12 21:44 - 2017-11-30 03:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-12 21:44 - 2017-11-30 03:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-12 21:44 - 2017-11-30 03:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-12 21:44 - 2017-11-30 03:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-12 21:44 - 2017-11-30 03:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-12 21:44 - 2017-11-30 03:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-12 21:44 - 2017-11-30 03:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-12 21:44 - 2017-11-30 03:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-12 21:44 - 2017-11-30 03:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-12 21:44 - 2017-11-30 03:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-12 21:44 - 2017-11-17 10:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-12 21:44 - 2017-11-17 10:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-12 21:44 - 2017-11-17 10:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-12 21:44 - 2017-11-17 10:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-12 21:44 - 2017-11-17 10:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-12 21:44 - 2017-11-17 10:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-12 21:44 - 2017-11-17 10:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-12 21:44 - 2017-11-17 10:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-12 21:44 - 2017-11-17 09:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-12 21:44 - 2017-11-17 09:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-11 17:36 - 2017-12-11 18:02 - 000001708 _____ C:\Users\BTA_AW-\Downloads\Gospelprojekt 2017.zip
2017-12-08 19:28 - 2017-12-08 19:28 - 000007043 _____ C:\Users\BTA_AW-\AppData\Local\recently-used.xbel
2017-12-05 23:34 - 2017-12-05 23:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-05 02:06 - 2017-12-05 02:06 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-12-05 02:06 - 2017-12-05 02:06 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-12-04 18:38 - 2017-12-04 18:38 - 000423049 _____ C:\Users\BTA_AW-\Downloads\Maenneerweekend2018_web.pdf
2017-12-02 15:12 - 2017-12-02 15:12 - 000150586 _____ C:\Users\BTA_AW-\Downloads\doc(10).pdf
2017-12-02 15:12 - 2017-12-02 15:12 - 000149112 _____ C:\Users\BTA_AW-\Downloads\doc(9).pdf
2017-12-02 15:12 - 2017-12-02 15:12 - 000149111 _____ C:\Users\BTA_AW-\Downloads\doc(8).pdf
2017-12-02 15:12 - 2017-12-02 15:12 - 000149109 _____ C:\Users\BTA_AW-\Downloads\doc(11).pdf
2017-11-26 15:51 - 2017-11-26 15:51 - 000427256 _____ (Roadkil.Net ) C:\Users\BTA_AW-\Downloads\UnstopCpy_5_2_Win2K_UP_Setup.exe
2017-11-25 16:35 - 2017-11-25 16:35 - 000079579 _____ C:\Users\BTA_AW-\Downloads\eTicket_25112017163535_3377511_59735771.pdf
2017-11-25 16:31 - 2017-11-25 16:31 - 000079579 _____ C:\Users\BTA_AW-\Downloads\eTicket_25112017163137_3377511_59497459.pdf
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-12-17 18:33 - 2016-11-19 10:49 - 000000000 ____D C:\Users\BTA_AW-\AppData\LocalLow\Mozilla
2017-12-17 18:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-12-17 18:22 - 2016-03-13 11:42 - 000000000 ___RD C:\Users\BTA_AW-\OneDrive
2017-12-17 18:21 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-17 18:21 - 2016-03-13 11:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-17 18:09 - 2017-07-18 13:56 - 000000000 ____D C:\Users\BTA_AW-
2017-12-17 18:07 - 2017-10-18 19:53 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-17 18:07 - 2017-10-18 19:53 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-17 18:07 - 2017-10-18 19:53 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-17 18:07 - 2017-07-18 13:50 - 000437600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-17 18:06 - 2017-07-18 14:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-17 18:05 - 2017-03-18 12:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-12-17 18:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-12-17 18:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-17 18:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-12-17 18:04 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-17 17:37 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-17 17:34 - 2016-03-13 11:35 - 000000000 ____D C:\Users\BTA_AW-\AppData\Local\Packages
2017-12-17 17:29 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-17 17:26 - 2017-07-18 13:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-17 17:09 - 2017-07-18 13:55 - 003325330 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-17 17:09 - 2017-03-20 05:35 - 001559454 _____ C:\WINDOWS\system32\perfh007.dat
2017-12-17 17:09 - 2017-03-20 05:35 - 000385326 _____ C:\WINDOWS\system32\perfc007.dat
2017-12-17 17:00 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-17 17:00 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 22:11 - 2013-08-14 12:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-12 22:00 - 2017-10-16 17:04 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-12 22:00 - 2011-03-25 11:10 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-12 21:14 - 2017-07-18 14:34 - 000004174 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7031A4AE-2238-4B34-989A-EB74E2386289}
2017-12-09 09:57 - 2017-09-23 09:23 - 000000000 ____D C:\Users\BTA_AW-\.gimp-2.8
2017-12-08 19:28 - 2016-11-22 21:50 - 000000000 ____D C:\Users\BTA_AW-\AppData\Local\gtk-2.0
2017-12-08 17:47 - 2017-08-20 22:53 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2957650136-178916342-3901743012-1000
2017-12-08 17:47 - 2016-03-13 11:42 - 000002442 _____ C:\Users\BTA_AW-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-05 23:34 - 2016-07-08 15:10 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-12-02 03:25 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-02 03:25 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-30 04:04 - 2009-07-29 07:03 - 000395310 __RSH C:\bootmgr
2017-11-22 17:28 - 2016-07-22 13:35 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-19 17:59 - 2017-11-02 20:52 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
2017-11-19 17:58 - 2017-11-02 20:52 - 000000000 ____D C:\ProgramData\WinZip
2017-11-19 17:11 - 2011-03-24 18:37 - 000000000 ____D C:\Users\BTA_AW-\AppData\Roaming\Mozilla
2017-11-18 05:17 - 2012-08-15 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-02-25 18:13 - 2016-04-29 18:38 - 000021872 _____ () C:\Users\BTA_AW-\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2011-12-27 18:28 - 2016-04-29 18:35 - 000021876 _____ () C:\Users\BTA_AW-\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2013-04-26 16:56 - 2013-04-26 16:56 - 000022232 _____ () C:\Users\BTA_AW-\AppData\Roaming\Microsoft Excel 97-2003.ADR
2016-04-29 18:41 - 2016-04-29 18:41 - 000022426 _____ () C:\Users\BTA_AW-\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2012-03-31 18:49 - 2013-01-14 17:11 - 000000000 _____ () C:\Users\BTA_AW-\AppData\Roaming\Woodwinds
2012-03-31 18:50 - 2013-01-14 17:12 - 000000000 _____ () C:\Users\BTA_AW-\AppData\Roaming\Work - Home
2012-03-31 18:49 - 2013-01-14 17:11 - 000000000 _____ () C:\Users\BTA_AW-\AppData\Roaming\Workflows
2017-12-08 19:28 - 2017-12-08 19:28 - 000007043 _____ () C:\Users\BTA_AW-\AppData\Local\recently-used.xbel
2013-01-26 20:06 - 2015-01-10 12:43 - 000007616 _____ () C:\Users\BTA_AW-\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-12-10 22:43
==================== Ende von FRST.txt ============================
|
|
17.12.2017, 21:53
| #2 |
| | zugehörige addition.log zugehörige addition.log
__________________Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
durchgeführt von BTA_AW- (Administrator) auf ASUSLAPTOPRUEDI (17-12-2017 18:51:11)
Gestartet von C:\Users\BTA_AW-\Desktop\Trojaner-Board.de
Geladene Profile: BTA_AW- & DefaultAppPool (Verfügbare Profile: BTA_AW- & BTA-User & ruedi & Gast & DefaultAppPool)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "D:\Firefox\firefox.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY Production LLC) D:\Abbyy\ABBYY PDF Transformer+\NetworkLicenseServer.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(VMware, Inc.) D:\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) D:\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) D:\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-21] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-21] (WinZip Computing, S.L.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (CANON INC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => D:\KeePass_Password_Safe_2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-10-18] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1053656 2017-07-04] (DivX, LLC)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128608 2007-06-17] (CANON INC.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-30] (Google Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-01-30]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2011-01-30]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{286dd5ce-1e90-47c7-a1b5-646b1d6289bc}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5dc6ac75-fa1d-471e-a601-9b379d96dc3f}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7c89e611-9766-4b18-b3c7-2a0ba85376ef}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9ef5c35a-5672-427d-9082-44029a91ba6c}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{a1645a7f-20fd-4451-bef3-2cc5f2262fd2}: [NameServer] 62.109.121.17
Tcpip\..\Interfaces\{c758c481-fc2e-4658-9551-f30aef4ba5cb}: [NameServer] 195.67.199.27
Tcpip\..\Interfaces\{c75cc92e-271c-472c-aa06-967ea07d3e66}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d0ae4d03-70cb-466b-a3a9-638d3b764934}: [NameServer] 62.109.121.17
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2957650136-178916342-3901743012-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=de-ch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-14] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-14] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-2957650136-178916342-3901743012-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\BTA_AW-\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\BTA-AD~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\BTA-AD~1\AppData\Local\Temp\f5tmp\urxhost.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-06-01] (Skype Technologies)
FireFox:
========
FF DefaultProfile: d75ytnjn.default
FF ProfilePath: C:\Users\BTA_AW-\AppData\Roaming\Mozilla\Firefox\Profiles\rbfsl4sw.default-1490712399358 [2017-12-17]
FF Extension: (F5 Networks Host Plugin) - C:\Users\BTA_AW-\AppData\Roaming\Mozilla\Firefox\Profiles\rbfsl4sw.default-1490712399358\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2017-03-31] [Legacy]
FF ProfilePath: C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default [2017-10-05]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-cs@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-de@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (English (US) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Español (España) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Finnish Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-fi@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Français Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-fr@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Galego (España) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-gl@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-he@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-hu@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-it@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Japanese Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-ja@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Korean (KR) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-ko@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-nl@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Polski Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-pl@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Russian (RU) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-ru@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-sl@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (српски (sr) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-sr@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\BTA_AW-\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\d75ytnjn.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2017-10-05] [Legacy] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\netsight@nielsen.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-03-04] [Legacy] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-17] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-08-07] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\npfirefoxtracker.dll [Keine Datei]
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2013-05-30] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2957650136-178916342-3901743012-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0; D:\Abby\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2010-02-01] (ABBYY)
R2 ABBYY.Licensing.PDFTransformer.Classic.4.0; D:\Abbyy\ABBYY PDF Transformer+\NetworkLicenseServer.exe [965848 2015-06-22] (ABBYY Production LLC)
R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-08] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-12-05] (Dropbox, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [Datei ist nicht signiert]
R2 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [Datei ist nicht signiert]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [Datei ist nicht signiert]
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] () [Datei ist nicht signiert]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [Datei ist nicht signiert]
R2 vmware-converter-agent; D:\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [423576 2012-10-15] (VMware, Inc.)
R2 vmware-converter-server; D:\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423576 2012-10-15] (VMware, Inc.)
R2 vmware-converter-worker; D:\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423576 2012-10-15] (VMware, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [74352 2011-03-15] (VMware, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-02] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-12-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-17] (Malwarebytes)
R1 MpKsl86754805; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{33C715AE-35D4-45A9-9C06-2FF544985A0D}\MpKsl86754805.sys [58120 2017-12-17] (Microsoft Corporation)
S3 mtkmbim; C:\WINDOWS\System32\drivers\mtkmbim7_x64.sys [282448 2017-01-03] (MBB)
S3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2017-05-18] (The OpenVPN Project)
S3 RRNetCap; C:\WINDOWS\system32\DRIVERS\rrnetcap.sys [37480 2013-01-14] (RapidSolution Software AG)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 seehcri; C:\WINDOWS\System32\drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R2 TurboB; C:\WINDOWS\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
S3 wdf_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [82944 2017-01-03] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
U3 idsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-12-17 18:51 - 2017-12-17 18:51 - 000000000 ____D C:\FRST
2017-12-17 18:40 - 2017-12-17 18:51 - 000000000 ____D C:\Users\BTA_AW-\Desktop\Trojaner-Board.de
2017-12-17 18:22 - 2017-12-17 18:22 - 000000000 ___HD C:\OneDriveTemp
2017-12-17 18:07 - 2017-12-17 18:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-17 18:04 - 2017-12-17 18:04 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-12 21:45 - 2017-11-30 04:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-12 21:45 - 2017-11-30 04:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-12 21:45 - 2017-11-30 04:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-12 21:45 - 2017-11-30 04:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-12 21:45 - 2017-11-30 03:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-12 21:45 - 2017-11-30 03:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-12 21:45 - 2017-11-30 03:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-12 21:45 - 2017-11-30 03:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-12 21:45 - 2017-11-30 03:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-12 21:45 - 2017-11-30 03:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-12 21:45 - 2017-11-30 03:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-12 21:45 - 2017-11-30 03:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-12 21:45 - 2017-11-30 03:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-12 21:45 - 2017-11-30 03:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-12 21:45 - 2017-11-30 03:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-12 21:45 - 2017-11-30 03:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-12 21:45 - 2017-11-30 03:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-12 21:45 - 2017-11-30 03:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-12 21:45 - 2017-11-30 03:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-12 21:45 - 2017-11-30 03:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-12 21:45 - 2017-11-30 03:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-12 21:45 - 2017-11-30 03:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-12 21:45 - 2017-11-30 03:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-12 21:45 - 2017-11-30 03:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-12 21:45 - 2017-11-30 03:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-12 21:45 - 2017-11-30 03:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-12 21:45 - 2017-11-30 03:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-12 21:45 - 2017-11-30 03:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-12 21:45 - 2017-11-30 03:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-12 21:45 - 2017-11-30 03:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-12 21:45 - 2017-11-30 03:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-12 21:45 - 2017-11-30 03:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-12 21:45 - 2017-11-30 03:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-12 21:45 - 2017-11-30 03:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-12 21:45 - 2017-11-30 03:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-12 21:45 - 2017-11-30 03:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-12 21:45 - 2017-11-17 10:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-12 21:45 - 2017-11-17 10:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-12 21:44 - 2017-11-30 04:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-12 21:44 - 2017-11-30 04:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-12 21:44 - 2017-11-30 04:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-12 21:44 - 2017-11-30 04:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-12 21:44 - 2017-11-30 04:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-12 21:44 - 2017-11-30 03:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-12 21:44 - 2017-11-30 03:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-12 21:44 - 2017-11-30 03:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-12 21:44 - 2017-11-30 03:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-12 21:44 - 2017-11-30 03:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-12 21:44 - 2017-11-30 03:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-12 21:44 - 2017-11-30 03:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-12 21:44 - 2017-11-30 03:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-12 21:44 - 2017-11-30 03:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-12 21:44 - 2017-11-30 03:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-12 21:44 - 2017-11-30 03:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-12 21:44 - 2017-11-30 03:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-12 21:44 - 2017-11-30 03:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-12 21:44 - 2017-11-30 03:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-12 21:44 - 2017-11-30 03:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-12 21:44 - 2017-11-30 03:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-12 21:44 - 2017-11-30 03:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-12 21:44 - 2017-11-30 03:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-12 21:44 - 2017-11-17 10:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-12 21:44 - 2017-11-17 10:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-12 21:44 - 2017-11-17 10:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-12 21:44 - 2017-11-17 10:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-12 21:44 - 2017-11-17 10:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-12 21:44 - 2017-11-17 10:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-12 21:44 - 2017-11-17 10:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-12 21:44 - 2017-11-17 10:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-12 21:44 - 2017-11-17 10:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-12 21:44 - 2017-11-17 09:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-12 21:44 - 2017-11-17 09:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-11 17:36 - 2017-12-11 18:02 - 000001708 _____ C:\Users\BTA_AW-\Downloads\Gospelprojekt 2017.zip
2017-12-08 19:28 - 2017-12-08 19:28 - 000007043 _____ C:\Users\BTA_AW-\AppData\Local\recently-used.xbel
2017-12-05 23:34 - 2017-12-05 23:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-05 02:06 - 2017-12-05 02:06 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-12-05 02:06 - 2017-12-05 02:06 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-12-04 18:38 - 2017-12-04 18:38 - 000423049 _____ C:\Users\BTA_AW-\Downloads\Maenneerweekend2018_web.pdf
2017-12-02 15:12 - 2017-12-02 15:12 - 000150586 _____ C:\Users\BTA_AW-\Downloads\doc(10).pdf
2017-12-02 15:12 - 2017-12-02 15:12 - 000149112 _____ C:\Users\BTA_AW-\Downloads\doc(9).pdf
2017-12-02 15:12 - 2017-12-02 15:12 - 000149111 _____ C:\Users\BTA_AW-\Downloads\doc(8).pdf
2017-12-02 15:12 - 2017-12-02 15:12 - 000149109 _____ C:\Users\BTA_AW-\Downloads\doc(11).pdf
2017-11-26 15:51 - 2017-11-26 15:51 - 000427256 _____ (Roadkil.Net ) C:\Users\BTA_AW-\Downloads\UnstopCpy_5_2_Win2K_UP_Setup.exe
2017-11-25 16:35 - 2017-11-25 16:35 - 000079579 _____ C:\Users\BTA_AW-\Downloads\eTicket_25112017163535_3377511_59735771.pdf
2017-11-25 16:31 - 2017-11-25 16:31 - 000079579 _____ C:\Users\BTA_AW-\Downloads\eTicket_25112017163137_3377511_59497459.pdf
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-12-17 18:33 - 2016-11-19 10:49 - 000000000 ____D C:\Users\BTA_AW-\AppData\LocalLow\Mozilla
2017-12-17 18:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-12-17 18:22 - 2016-03-13 11:42 - 000000000 ___RD C:\Users\BTA_AW-\OneDrive
2017-12-17 18:21 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-17 18:21 - 2016-03-13 11:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-17 18:09 - 2017-07-18 13:56 - 000000000 ____D C:\Users\BTA_AW-
2017-12-17 18:07 - 2017-10-18 19:53 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-17 18:07 - 2017-10-18 19:53 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-17 18:07 - 2017-10-18 19:53 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-17 18:07 - 2017-07-18 13:50 - 000437600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-17 18:06 - 2017-07-18 14:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-17 18:05 - 2017-03-18 12:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-12-17 18:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-12-17 18:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-17 18:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-12-17 18:04 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-17 17:37 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-17 17:34 - 2016-03-13 11:35 - 000000000 ____D C:\Users\BTA_AW-\AppData\Local\Packages
2017-12-17 17:29 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-17 17:26 - 2017-07-18 13:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-17 17:09 - 2017-07-18 13:55 - 003325330 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-17 17:09 - 2017-03-20 05:35 - 001559454 _____ C:\WINDOWS\system32\perfh007.dat
2017-12-17 17:09 - 2017-03-20 05:35 - 000385326 _____ C:\WINDOWS\system32\perfc007.dat
2017-12-17 17:00 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-17 17:00 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 22:11 - 2013-08-14 12:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-12 22:00 - 2017-10-16 17:04 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-12 22:00 - 2011-03-25 11:10 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-12 21:14 - 2017-07-18 14:34 - 000004174 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7031A4AE-2238-4B34-989A-EB74E2386289}
2017-12-09 09:57 - 2017-09-23 09:23 - 000000000 ____D C:\Users\BTA_AW-\.gimp-2.8
2017-12-08 19:28 - 2016-11-22 21:50 - 000000000 ____D C:\Users\BTA_AW-\AppData\Local\gtk-2.0
2017-12-08 17:47 - 2017-08-20 22:53 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2957650136-178916342-3901743012-1000
2017-12-08 17:47 - 2016-03-13 11:42 - 000002442 _____ C:\Users\BTA_AW-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-05 23:34 - 2016-07-08 15:10 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-12-02 03:25 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-02 03:25 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-30 04:04 - 2009-07-29 07:03 - 000395310 __RSH C:\bootmgr
2017-11-22 17:28 - 2016-07-22 13:35 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-19 17:59 - 2017-11-02 20:52 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
2017-11-19 17:58 - 2017-11-02 20:52 - 000000000 ____D C:\ProgramData\WinZip
2017-11-19 17:11 - 2011-03-24 18:37 - 000000000 ____D C:\Users\BTA_AW-\AppData\Roaming\Mozilla
2017-11-18 05:17 - 2012-08-15 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-02-25 18:13 - 2016-04-29 18:38 - 000021872 _____ () C:\Users\BTA_AW-\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2011-12-27 18:28 - 2016-04-29 18:35 - 000021876 _____ () C:\Users\BTA_AW-\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2013-04-26 16:56 - 2013-04-26 16:56 - 000022232 _____ () C:\Users\BTA_AW-\AppData\Roaming\Microsoft Excel 97-2003.ADR
2016-04-29 18:41 - 2016-04-29 18:41 - 000022426 _____ () C:\Users\BTA_AW-\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2012-03-31 18:49 - 2013-01-14 17:11 - 000000000 _____ () C:\Users\BTA_AW-\AppData\Roaming\Woodwinds
2012-03-31 18:50 - 2013-01-14 17:12 - 000000000 _____ () C:\Users\BTA_AW-\AppData\Roaming\Work - Home
2012-03-31 18:49 - 2013-01-14 17:11 - 000000000 _____ () C:\Users\BTA_AW-\AppData\Roaming\Workflows
2017-12-08 19:28 - 2017-12-08 19:28 - 000007043 _____ () C:\Users\BTA_AW-\AppData\Local\recently-used.xbel
2013-01-26 20:06 - 2015-01-10 12:43 - 000007616 _____ () C:\Users\BTA_AW-\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-12-10 22:43
==================== Ende von FRST.txt ============================
|
|
| Themen zu mein System ist extrem langsam, es wird durch etwas ausgebremst das von malwarebytes nicht gefunden wird |
| administrator, bonjour, browser, canon, computer, converter, defender, desktop, excel, explorer, firefox, google, home, langsam, mozilla, pdf, prozesse, registry, rundll, scan, security, system, temp, usb, windows, windowsapps, winlogon.exe |
