Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   ?trackid=sp-004752 an jede Suche in Google Chrome angehängt (https://www.trojaner-board.de/175555-trackid-sp-004752-suche-google-chrome-angehaengt.html)

_kerstin_ 30.01.2016 20:23
?trackid=sp-004752 an jede Suche in Google Chrome angehängt
 
Liste der Anhänge anzeigen (Anzahl: 2)
Hallo,

ich habe folgendes Problem: In meinem Google Chrome wird bei jeder Suche über die Adresszeile ?trackid=sp-004752 angehängt.

Ich habe mir schon Malewarebites Antimaleware heruntergeladen und einen Scandurchlauf damit gemacht. Und den Avast Browser Cleanup habe ich auch geladen. Die Dateien sind im Anhang.

Und hier die FRST
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
durchgeführt von Kerstin (Administrator) auf VAIO (30-01-2016 14:10:49)
Gestartet von C:\Users\Kerstin\Desktop
Geladene Profile: Kerstin (Verfügbare Profile: Kerstin & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
() C:\Users\Kerstin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Akamai Technologies, Inc.) C:\Users\Kerstin\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Kerstin\AppData\Local\Akamai\netsession_win.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(AVAST Software) C:\Users\Kerstin\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(iolo technologies, LLC) C:\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.19020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Swiss Academic Software) C:\Program Files (x86)\Citavi 5\bin\Citavi.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954368 2015-10-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-09] (Intel Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-12-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [14960 2016-01-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [950296 2015-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952376 2015-12-22] (Dropbox, Inc.)
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Run: [Amazon Music] => C:\Users\Kerstin\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] ()
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Kerstin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\RunOnce: [Uninstall C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\RunOnce: [Uninstall C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\MountPoints2: {b279a196-aace-11e5-8d77-30f9edb3b1dd} - "I:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [MOBK649] -> {7d7a9cff-a4c1-f2b8-7421-c722f7eac08a} => C:\Program Files (x86)\McAfee Online Backup\MOBK649shell.dll [2011-04-18] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK6492] -> {658e5c17-2ba4-ed79-d884-37ebe15e7b9b} => C:\Program Files (x86)\McAfee Online Backup\MOBK649shell.dll [2011-04-18] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK6493] -> {22f1b264-d4dd-ef46-08eb-3eb0c80441ba} => C:\Program Files (x86)\McAfee Online Backup\MOBK649shell.dll [2011-04-18] (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4028513f-9b13-4011-859e-9228c8393dcc}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{f563fc56-43a8-402e-b162-a5931a41b302}: [DhcpNameServer] 10.156.33.53 141.40.103.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startseite24.net
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
SearchScopes: HKLM -> DefaultScope {13CA5C5E-58A7-4C37-9638-5CC6844E2199} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM -> {13CA5C5E-58A7-4C37-9638-5CC6844E2199} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1366167738-2161922973-1286636927-1001 -> DefaultScope {13CA5C5E-58A7-4C37-9638-5CC6844E2199} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1366167738-2161922973-1286636927-1001 -> {13CA5C5E-58A7-4C37-9638-5CC6844E2199} URL = hxxp://www.startseite24.net/?q={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-18] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-04-28] (Atheros Commnucations)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-18] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2009-09-22] (TerraTec Electronic GmbH)

FireFox:
========
FF ProfilePath: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default
FF SearchEngineOrder.1: Ask
FF SelectedSearchEngine: webssearches
FF Homepage: hxxps://www.google.de/?gws_rd=ssl
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2015-01-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [2015-01-18] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll [Keine Datei]
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\searchplugins\google-images.xml [2014-11-20]
FF SearchPlugin: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\searchplugins\google-maps.xml [2014-11-20]
FF SearchPlugin: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\searchplugins\websuche.xml [2015-07-08]
FF Extension: Citavi Picker - C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2016-01-11]
FF Extension: Avira Browser Safety - C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\Extensions\abs@avira.com [2016-01-26]
FF Extension: Microsoft Choice Guard - C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\Extensions\ChoiceGuard@Microsoft [2015-01-18] [ist nicht signiert]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-06-07] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-11-12]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/?trackid=sp-004752
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-004752"
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}?trackid=sp-004752
CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-12]
CHR Extension: (Google Docs) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-12]
CHR Extension: (Google Drive) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-12]
CHR Extension: (YouTube) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-12]
CHR Extension: (Adblock Plus) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-17]
CHR Extension: (Google-Suche) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Google Tabellen) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-12]
CHR Extension: (Avira Browserschutz) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-01-29]
CHR Extension: (Google Docs Offline) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-12]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-12]
CHR Extension: (Citavi Picker) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-01-12]
CHR Extension: (Google Mail) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [251160 2015-12-08] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-29] (Dropbox, Inc.)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.) [Datei ist nicht signiert]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2015-02-04] (Intel Corporation)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [24224 2016-01-04] (Avira Operations GmbH & Co. KG)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-23] (Synaptics Incorporated)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) [Datei ist nicht signiert]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AF9035BDA; C:\Windows\system32\DRIVERS\AF15BDA.sys [514144 2009-10-02] (ITETech                  )
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-03] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-21] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Realtek                                            )
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-08-05] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-23] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-03-19] (CyberLink Corp.)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-30 14:10 - 2016-01-30 14:11 - 00033796 _____ C:\Users\Kerstin\Desktop\FRST.txt
2016-01-30 14:10 - 2016-01-30 14:10 - 00000000 ____D C:\FRST
2016-01-30 14:07 - 2016-01-30 14:10 - 02370560 _____ (Farbar) C:\Users\Kerstin\Desktop\FRST64.exe
2016-01-30 13:38 - 2016-01-30 13:38 - 00016148 _____ C:\WINDOWS\system32\VAIO_Kerstin_HistoryPrediction.bin
2016-01-30 12:41 - 2016-01-30 12:45 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-29 17:40 - 2016-01-29 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-01-29 17:38 - 2016-01-30 13:43 - 00001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-29 17:38 - 2016-01-30 11:20 - 00001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-29 17:38 - 2016-01-29 17:40 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-01-29 17:38 - 2016-01-29 17:38 - 00004286 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-01-29 17:38 - 2016-01-29 17:38 - 00004054 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-01-25 14:30 - 2016-01-25 14:30 - 00002501 _____ C:\Users\Public\Desktop\PRIMER 7.lnk
2016-01-25 14:30 - 2016-01-25 14:30 - 00000000 ____D C:\ProgramData\PRIMER-E
2016-01-25 14:30 - 2016-01-25 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRIMER 7
2016-01-25 14:30 - 2016-01-25 14:30 - 00000000 ____D C:\Program Files (x86)\PRIMER-E
2016-01-22 21:45 - 2016-01-22 21:46 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2016-01-22 21:44 - 2016-01-22 21:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 15
2016-01-22 21:44 - 2016-01-22 21:44 - 00000000 ____D C:\ProgramData\PDVD
2016-01-22 21:44 - 2016-01-22 21:44 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2016-01-22 21:41 - 2016-01-22 21:41 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-01-22 21:41 - 2016-01-22 21:41 - 00000000 ____D C:\ProgramData\install_clap
2016-01-22 21:38 - 2016-01-22 21:41 - 164277560 _____ C:\Users\Kerstin\Downloads\PowerDVD_15.0.1510.58_DVD150306-02.exe
2016-01-22 21:35 - 2016-01-22 21:37 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\vlc
2016-01-22 21:35 - 2016-01-22 21:35 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\dvdcss
2016-01-22 21:35 - 2016-01-22 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-01-22 21:34 - 2016-01-22 21:34 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-01-19 20:55 - 2016-01-19 20:55 - 822679159 _____ C:\WINDOWS\MEMORY.DMP
2016-01-19 20:55 - 2016-01-19 20:55 - 00275192 _____ C:\WINDOWS\Minidump\011916-45859-01.dmp
2016-01-17 14:07 - 2016-01-05 04:07 - 02463704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-17 14:07 - 2016-01-05 04:07 - 00377592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-17 14:07 - 2016-01-05 04:06 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-17 14:07 - 2016-01-05 04:06 - 01991120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-17 14:07 - 2016-01-05 04:06 - 01270104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-17 14:07 - 2016-01-05 04:06 - 01063504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-17 14:07 - 2016-01-05 04:06 - 00119800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 02641928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 01591848 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00862056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00787720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00779928 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00772448 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00751992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 00667856 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 00249464 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00233992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 00090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-17 14:07 - 2016-01-05 03:59 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-01-17 14:07 - 2016-01-05 03:52 - 00441696 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-17 14:07 - 2016-01-05 03:50 - 01817064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-17 14:07 - 2016-01-05 03:50 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-17 14:07 - 2016-01-05 03:50 - 00723648 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-17 14:07 - 2016-01-05 03:50 - 00345080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-17 14:07 - 2016-01-05 03:50 - 00251544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-17 14:07 - 2016-01-05 03:50 - 00205072 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-17 14:07 - 2016-01-05 03:31 - 01365576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-17 14:07 - 2016-01-05 03:30 - 02459096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-17 14:07 - 2016-01-05 03:30 - 02162064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-17 14:07 - 2016-01-05 03:30 - 02152744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-17 14:07 - 2016-01-05 03:30 - 01106872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-17 14:07 - 2016-01-05 03:30 - 00882208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-17 14:07 - 2016-01-05 03:30 - 00368776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-17 14:07 - 2016-01-05 03:30 - 00232896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-17 14:07 - 2016-01-05 03:30 - 00100712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-17 14:07 - 2016-01-05 03:29 - 00208688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 02445128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00714808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00696192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-17 14:07 - 2016-01-05 03:28 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-17 14:07 - 2016-01-05 03:28 - 00645144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00635312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00497896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00277400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-17 14:07 - 2016-01-05 03:28 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00107952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-17 14:07 - 2016-01-05 03:28 - 00082096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00072808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-17 14:07 - 2016-01-05 03:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-01-17 14:07 - 2016-01-05 03:18 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-17 14:07 - 2016-01-05 03:15 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-17 14:07 - 2016-01-05 03:15 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-01-17 14:07 - 2016-01-05 03:15 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-17 14:07 - 2016-01-05 03:15 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-17 14:07 - 2016-01-05 03:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2016-01-17 14:07 - 2016-01-05 03:10 - 00305776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-17 14:07 - 2016-01-05 03:10 - 00278424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-17 14:07 - 2016-01-05 03:10 - 00188032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-17 14:07 - 2016-01-05 03:09 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-17 14:07 - 2016-01-05 03:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-17 14:07 - 2016-01-05 03:02 - 01672192 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-17 14:07 - 2016-01-05 03:02 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-17 14:07 - 2016-01-05 03:02 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-17 14:07 - 2016-01-05 03:01 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-17 14:07 - 2016-01-05 03:00 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-17 14:07 - 2016-01-05 03:00 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-17 14:07 - 2016-01-05 02:59 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-17 14:07 - 2016-01-05 02:57 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-17 14:07 - 2016-01-05 02:57 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-17 14:07 - 2016-01-05 02:57 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-17 14:07 - 2016-01-05 02:56 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-17 14:07 - 2016-01-05 02:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-17 14:07 - 2016-01-05 02:51 - 01009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-17 14:07 - 2016-01-05 02:51 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-17 14:07 - 2016-01-05 02:51 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-17 14:07 - 2016-01-05 02:51 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-17 14:07 - 2016-01-05 02:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-17 14:07 - 2016-01-05 02:44 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-17 14:07 - 2016-01-05 02:43 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-17 14:07 - 2016-01-05 02:42 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-01-17 14:07 - 2016-01-05 02:38 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2016-01-17 14:07 - 2016-01-05 02:32 - 01541632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-17 14:07 - 2016-01-05 02:32 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-17 14:07 - 2016-01-05 02:31 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-17 14:07 - 2016-01-05 02:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-17 14:07 - 2016-01-05 02:30 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-17 14:07 - 2016-01-05 02:29 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-17 14:07 - 2016-01-05 02:29 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-17 14:07 - 2016-01-05 02:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-17 14:07 - 2016-01-05 02:24 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-17 14:07 - 2016-01-05 02:20 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-17 14:07 - 2016-01-05 02:19 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-17 14:07 - 2016-01-05 02:19 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-17 14:07 - 2016-01-05 02:19 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-17 14:07 - 2016-01-05 02:19 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-17 13:19 - 2016-01-17 14:41 - 00000000 ____D C:\AdwCleaner
2016-01-17 12:56 - 2016-01-17 12:57 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-17 12:56 - 2016-01-17 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-17 12:56 - 2016-01-17 12:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-17 12:56 - 2016-01-17 12:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-17 12:56 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-17 12:56 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-17 12:56 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-17 11:39 - 2016-01-17 11:39 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Vorlagen
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Startmenü
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Netzwerkumgebung
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Lokale Einstellungen
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Eigene Dateien
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Druckumgebung
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Videos
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Musik
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Bilder
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Verlauf
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Anwendungsdaten
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-17 11:39 - 2015-12-18 21:42 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\ATI
2016-01-17 11:39 - 2015-12-18 21:42 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\ATI
2016-01-17 11:39 - 2015-10-23 17:19 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-01-17 11:39 - 2015-10-23 17:19 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2016-01-15 14:29 - 2016-01-15 14:29 - 00001000 _____ C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Masterarbeit.lnk
2016-01-15 09:46 - 2016-01-15 14:29 - 00000886 _____ C:\Users\Kerstin\Desktop\Masterarbeit.lnk
2016-01-14 20:05 - 2016-01-14 20:05 - 00000000 ____D C:\Users\Kerstin\AppData\Local\Avira
2016-01-14 19:40 - 2016-01-14 19:40 - 00000000 ____D C:\Users\Kerstin\AppData\Local\AviraSpeedup
2016-01-14 17:34 - 2016-01-27 08:03 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-01-14 17:34 - 2016-01-14 17:34 - 00003430 _____ C:\WINDOWS\System32\Tasks\Avira System Speedup Tray
2016-01-14 17:34 - 2016-01-14 17:34 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\Avira
2016-01-14 17:30 - 2015-12-03 15:24 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-01-14 17:30 - 2015-12-03 15:24 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-01-14 17:30 - 2015-12-03 15:24 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-01-14 17:30 - 2015-12-03 15:24 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-01-14 17:23 - 2016-01-14 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-01-12 17:07 - 2016-01-14 20:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-01-11 20:03 - 2016-01-11 20:03 - 00000000 ____D C:\Users\Kerstin\AppData\Local\{3F02AF43-C197-4042-AEBB-82A4EBDEE4B3}
2016-01-10 22:29 - 2016-01-19 20:55 - 00000000 ____D C:\WINDOWS\Minidump

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-30 13:15 - 2015-01-18 15:17 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-30 12:53 - 2015-01-18 19:55 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-30 12:51 - 2015-11-12 21:22 - 00000000 ____D C:\Users\Kerstin\Documents\Citavi 5
2016-01-30 12:48 - 2015-10-23 17:59 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-29 21:45 - 2015-01-21 11:06 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\Dropbox
2016-01-29 18:35 - 2015-09-21 21:44 - 00000000 ____D C:\Users\Kerstin\AppData\Local\Dropbox
2016-01-29 17:55 - 2015-07-30 23:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-29 17:55 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-29 17:48 - 2015-07-30 22:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-29 17:48 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-29 12:38 - 2015-10-23 17:07 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-29 12:38 - 2015-09-10 06:10 - 00884826 _____ C:\WINDOWS\system32\perfh007.dat
2016-01-29 12:38 - 2015-09-10 06:10 - 00195924 _____ C:\WINDOWS\system32\perfc007.dat
2016-01-29 12:38 - 2015-07-30 23:40 - 00000000 ____D C:\WINDOWS\INF
2016-01-29 08:32 - 2015-01-18 19:56 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-27 20:33 - 2015-04-21 14:52 - 00000000 ____D C:\Users\Kerstin\AppData\Local\RStudio-Desktop
2016-01-27 10:10 - 2015-10-23 17:08 - 00000000 ____D C:\Users\Kerstin
2016-01-27 08:59 - 2015-12-17 09:21 - 00000000 ____D C:\Users\Kerstin\Desktop\Kram
2016-01-26 21:42 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\rescache
2016-01-25 14:30 - 2015-10-23 17:04 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-22 21:55 - 2015-03-07 13:20 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\CyberLink
2016-01-22 21:55 - 2015-01-18 15:22 - 00000000 ____D C:\ProgramData\CyberLink
2016-01-22 21:45 - 2015-03-07 13:20 - 00000000 ____D C:\Users\Kerstin\Documents\CyberLink
2016-01-22 21:44 - 2015-03-07 13:20 - 00000000 ____D C:\Users\Kerstin\AppData\Local\Cyberlink
2016-01-22 21:44 - 2015-01-18 14:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-22 21:42 - 2015-01-18 15:21 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-01-22 20:28 - 2015-01-18 15:21 - 00000000 ____D C:\ProgramData\Temp
2016-01-21 09:06 - 2015-10-23 17:41 - 00000000 ____D C:\Users\Kerstin\AppData\Local\Packages
2016-01-20 15:33 - 2015-01-21 12:01 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\Skype
2016-01-19 20:55 - 2015-10-23 17:27 - 00153072 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_9EC60124.sys
2016-01-18 08:14 - 2015-07-30 23:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-17 11:48 - 2015-07-30 22:49 - 04936160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-14 21:52 - 2015-01-18 16:03 - 00112272 _____ C:\Users\Kerstin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-14 20:59 - 2015-10-23 13:33 - 00000000 ____D C:\Program Files (x86)\MozBackup
2016-01-14 20:59 - 2015-06-02 18:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-14 20:59 - 2015-01-20 17:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-14 20:59 - 2015-01-18 21:15 - 00000000 ____D C:\Users\Kerstin\AppData\Local\CrashDumps
2016-01-14 20:58 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-01-14 17:34 - 2015-01-18 20:09 - 00000000 ____D C:\ProgramData\Avira
2016-01-14 17:34 - 2015-01-18 20:09 - 00000000 ____D C:\Program Files (x86)\Avira
2016-01-14 17:18 - 2015-01-18 21:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-14 14:00 - 2015-01-21 11:17 - 00000000 ____D C:\Users\Kerstin\AppData\Local\Amazon Music
2016-01-11 22:45 - 2015-11-12 21:22 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\Swiss Academic Software
2016-01-05 09:51 - 2015-01-23 08:59 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2016-01-03 02:40 - 2015-07-30 23:43 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-07-30 23:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-02-13 12:34 - 2015-08-31 12:11 - 0000132 _____ () C:\Users\Kerstin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-20 14:59 - 2015-01-20 14:59 - 0002880 _____ () C:\Users\Kerstin\AppData\Local\WiDiSetupLog.20150120.145917.txt

Einige Dateien in TEMP:
====================
C:\Users\Kerstin\AppData\Local\Temp\avgnt.exe
C:\Users\Kerstin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppmqosv.dll
C:\Users\Kerstin\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-01-29 09:15

==================== Ende von FRST.txt ============================
und Addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-01-2016
durchgeführt von Kerstin (2016-01-30 14:12:17)
Gestartet von C:\Users\Kerstin\Desktop
Windows 10 Home (X64) (2015-10-23 16:40:50)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1366167738-2161922973-1286636927-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1366167738-2161922973-1286636927-503 - Limited - Disabled)
Gast (S-1-5-21-1366167738-2161922973-1286636927-501 - Limited - Disabled)
Kerstin (S-1-5-21-1366167738-2161922973-1286636927-1001 - Administrator - Enabled) => C:\Users\Kerstin

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Music (HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Amazon Amazon Music) (Version: 4.0.0.1205 - Amazon Services LLC)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{EBF1529E-D2D5-47CF-97EC-7D90CEF0FE04}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
ArcGIS 10.3.1 for Desktop (HKLM-x32\...\ArcGIS 10.3.1 for Desktop) (Version: 10.3.4959 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.3.1 for Desktop (x32 Version: 10.3.4959 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Editor for OpenStreetMap (HKLM-x32\...\{3B46855B-DCBA-44A1-ADB3-CC7C5D43F42D}) (Version: 10.3.0.13 - ESRI)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.457 - ArcSoft)
ASTERICS 4.0.4 (HKLM-x32\...\{F66B9ED8-DB45-4A0C-BE7B-513BE9E28226}) (Version: 4.0.4 - University Duisburg-Essen, Germany)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.135 - Atheros)
Avast Browser Cleanup (HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Avast Browser Cleanup) (Version: 10.3.2223.101 - AVAST Software)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}) (Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 2.0.10.1066 - Avira Operations GmbH & Co. KG)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
Cinergy T Stick MKII V9.06.3.01 (HKLM-x32\...\Cinergy T Stick MKII) (Version: 9.06.3.01 - )
Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.2.0.8 - Swiss Academic Software)
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.1510.58 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.6 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Duden-Rechtschreibprüfung (HKLM-x32\...\{2085B2F0-3806-4E3C-933B-45212C1EAC80}) (Version: 9.0.0 - Bibliographisches Institut GmbH)
DVBViewer TERRATEC Edition (HKLM-x32\...\DVBViewer TERRATEC Edition_is1) (Version:  - CM&V)
Echo of Soul (HKLM-x32\...\Echo of Soul) (Version:  - )
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
Java(TM) 7 Update 1 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.1.0.13300 - Sony Corporation)
Media Go (HKLM-x32\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 de)) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 de) (HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Mozilla Thunderbird 38.5.1 (x86 de)) (Version: 38.5.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.1.01.14210 - Sony Corporation)
PlayMemories Home/PMB VAIO Edition Plug-in 3D Theme Data (x32 Version: 1.0.00.16130 - Sony Corporation) Hidden
PlayMemories Home/PMB VAIO Edition Plug-in Ver.2.2 Upgrade Program (x32 Version: 2.2.00.18250 - Sony Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PRIMER 7 (HKLM-x32\...\{392f5a02-0dd2-4ff7-a561-1b487ad88f02}) (Version: 7.0.10.0 - PRIMER-E)
PRIMER 7 (x32 Version: 7.0.10.0 - PRIMER-E) Hidden
PYV_x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Qualcomm Atheros Direct Connect (x32 Version: 3.1 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
R for Windows 3.2.0 (HKLM\...\R for Windows 3.2.0_is1) (Version: 3.2.0 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.91 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1103 - RStudio)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
TerraTec Home Cinema (HKLM-x32\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.11.5 - )
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.00.14200 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM-x32\...\InstallShield_{F9395F3D-4198-476C-8C41-63D0B5B51E35}) (Version: 2.2.00.18250 - Sony Corporation)
VAIO - Remote-Tastatur (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - TrackID™ mit BRAVIA (HKLM-x32\...\{2F41EF61-A066-4EBF-84F8-21C1B317A780}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO 3D Portal (HKLM-x32\...\{C14EAE86-C526-4E00-B245-CFF86233C3D2}) (Version: 1.2.0.10131 - Sony Corporation)
VAIO Care (HKLM\...\{934ACD4F-3E96-4B2A-96A8-158A5E057288}) (Version: 8.4.3.07161 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.1.15070 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.1.09230 - Sony Corporation)
VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.2.02090 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 1.0.0.12300 - Sony Corporation)
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.3.0.12280 - Sony Corporation)
VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.14.1.07010 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.7.1.06040 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Websuche (HKLM-x32\...\Websuche) (Version:  - Websuche)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1366167738-2161922973-1286636927-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {015FEF40-8573-45D7-B34D-AFDBE725A5DE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {063C06A6-0715-4ACD-87F9-5018279F6146} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {0776B81D-71E4-440E-BC64-AC581A0DF0EC} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-01-04] (Avira Operations GmbH & Co. KG)
Task: {08057D43-183B-4199-905B-45C18EFCE7C3} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {09C2A532-A01C-4905-A148-534842351396} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2015-07-31] (Sony Corporation)
Task: {0A2E6FF8-C85C-42FE-86CA-3C18C4DA050A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {1442756A-90E3-46D7-818D-010D67149C52} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {14E98FB6-2CE9-4E8B-9FB3-A044080E2CE7} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {150DB219-03FF-4132-8A79-1D767322BBC7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {15AB8188-B001-44C9-9BEE-1E14030F34C8} - System32\Tasks\Amazon Music Helper => C:\Users\Kerstin\AppData\Local\Amazon Music\Amazon Music Helper.exe [2015-12-15] ()
Task: {1A39910F-AF9F-4B94-B333-126E5B0EA980} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-29] (Dropbox, Inc.)
Task: {1A3BFEE7-CE2C-48EA-B1D5-5139A595EAE2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1FA2D1E2-4127-4606-B356-3EDCAFD3D239} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {2197BA6D-2ABF-49D8-BBE5-53D74C42A344} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {21A65CE5-AD66-4C1D-A994-3A734B60B82C} - System32\Tasks\{1D3DE915-F334-4D30-AA85-F81DCD21BB2B} => pcalua.exe -a F:\Software\Eduroam.exe -d F:\Software
Task: {303C566D-CB45-4B2B-AD63-76781350CDE4} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {32D63F3A-23D2-46D8-92D8-4CBFB9A4545A} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {337ECA33-FE29-413C-ADAE-FDE94E0FE1EC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {39194CC1-9904-4902-931F-9C5C2E89E17C} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation)
Task: {3E85CE2A-43E7-4787-BB1A-5AC85EC21ED1} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {43ED7F43-B1CE-472A-8DC0-2E536215B8CB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {452A9A84-4986-477B-B90C-7035A37AAD43} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation)
Task: {460F51E9-AE60-43BB-9D94-9CA34278D33A} - \StartPoint Updater -> Keine Datei <==== ACHTUNG
Task: {47BD7B19-03B0-40A5-B9A8-B5521B958B27} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {4CD9E8E3-C9F9-4511-A777-765C8F0060BB} - System32\Tasks\{C405C04D-FD68-44BB-AB4B-98BFE4947D97} => pcalua.exe -a G:\Setup.exe -d G:\
Task: {559BE56B-1B8B-4EF4-9E39-232311BA211D} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {59355796-2A82-4620-8477-9BC1AB866D29} - System32\Tasks\{D3B63872-5F5A-4BDF-BA19-0D6712AF2FCE} => pcalua.exe -a G:\setup.exe -d G:\
Task: {5A1FBEE0-6B62-49DE-9792-89E5523E752F} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {5BF055E1-C3E3-4B62-9469-4A55E2D04675} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {5DBB02F8-DAF2-4BBD-B3DE-61885701A5B9} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {6784BF76-3714-4938-BEF8-CF25F5B90BB4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {68A809F5-1B6D-4674-8B01-DA5F5B2EE5E4} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {6A7C3105-9C0F-429C-9F3C-5A8DDB42623E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {713AABCD-DFC2-4547-AF30-9191E2A630D6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7527BC15-BBB0-4936-B647-F083512B6FAA} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)
Task: {7817A4E6-12E1-4226-B192-1B4F8F859F75} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe
Task: {7C2603AA-F632-4EE2-872E-693E476F3752} - System32\Tasks\avast! BCU UpdateS-1-5-21-1366167738-2161922973-1286636927-1001 => C:\Users\Kerstin\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {84AA4058-CC58-419B-BFE8-8B708DB5C4A2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {8612375F-7846-481F-84D6-BD27F5C1DA4D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8CDF3E22-EE5C-4BAC-99DA-B188BF4DCD39} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {9A90EB33-B5A8-4102-A1AA-5945D692D145} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {9C12BF68-355C-4A26-955B-428B02D55DA0} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {9F94A9F6-5A87-4B2C-B1A8-C7A72DED1408} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {A04D2D8E-72A6-4E4E-BEFE-713720B5E089} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {A47F0152-06A2-4059-A428-90BC800C6D60} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {A4C0D119-1EC6-4E9C-B998-BC57ABEAB733} - System32\Tasks\{20FFFD0A-7AC7-4286-9234-18E6790EDA31} => G:\Setup.exe
Task: {A650E462-2142-40D6-B3BB-146A014FD7B9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A79D3BD7-6716-4055-9D07-1221186E468F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {AD15C420-EAF0-4671-A9B9-06E7506E710E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {B31E4C6F-2F64-4EA4-94C0-D29DBC667D19} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {B4BA0949-7D77-4BD2-A0CE-1276F9C778DA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {B5465050-0846-4725-BCFD-2562FA6122DD} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B60BA25C-D5C5-4874-9715-6E45220B676B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {B919144E-C315-467D-9A48-4B9D0B99C971} - System32\Tasks\{5AD6CD0A-6B90-4C26-9F14-01B14F151621} => pcalua.exe -a H:\Software\Microsoft.Office.2007.Enterprise.SP1.DVD.GERMAN-BIE\setup.exe -d H:\Software\Microsoft.Office.2007.Enterprise.SP1.DVD.GERMAN-BIE
Task: {BA407432-8D50-418D-B692-4CB1D1545E75} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {BD805383-06DB-4F64-9128-CE6C299B9BB0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-29] (Dropbox, Inc.)
Task: {BDCB8DC7-9FA8-431B-BBA0-3DB13B23ADBC} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {C272AC0C-B03E-49B1-96BE-118FCD606B2F} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-03-29] (Sony Corporation)
Task: {C34B2937-A578-47FF-BFBB-7CCCF9F5B6B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {C38C1DF3-CE0A-4399-AAE9-225C363B6114} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {C84CE7B0-93E2-47DC-AD7B-39246BBA599A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {CA13EC31-F387-423C-8497-1B8089341E6E} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-03-29] (Sony Corporation)
Task: {CA15B3AA-CB05-4890-A7F3-419F4B5A2FE6} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {CEF38715-F78A-4AAD-9C02-4387F0DA7FE8} - System32\Tasks\AdobeAAMUpdater-1.0-Kerstin-VAIO-Kerstin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {CF5779A1-9418-44B8-8C50-91B1D204B939} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-13] (Sony Corporation)
Task: {D0907EAE-7B5B-4A5E-8FE9-340CEB71FD2B} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)
Task: {D68B42BF-EF90-4F92-9653-7B7A20100867} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {D76D413C-B52B-42FB-8CC6-2B610D5F4ACE} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {D90EE70C-D198-4112-A8DE-5DE22AD06395} - System32\Tasks\avastBCLS-1-5-21-1366167738-2161922973-1286636927-1001 => C:\Users\Kerstin\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2015-11-09] (AVAST Software)
Task: {E02091FF-CDFB-46C7-82D9-33F1C092DE41} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG
Task: {E18B7764-D373-4A22-8CDB-2AF43CAB9959} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {E7CC161F-93C3-4369-AF25-805F0DF15CEE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {ECE59462-99F0-495C-A65F-F2FCB532BFC8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {EEC588A5-9179-41B6-AF09-186B55765252} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {F2320397-C334-49BC-8116-E2E336FE356A} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {F24ED9DA-2E87-4BD3-86D0-1DE1C2D6C90D} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {F6F093AA-34B2-4539-99CF-88B82FE94304} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {F82EA822-9563-45BB-BF88-AE6700D01524} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {FE6A1582-EC96-4F68-B8A2-6CA1B1B5AF7E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {FFDDC436-AE0B-448C-B457-92FD5A19A601} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> www.startseite24.net

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-10 04:33 - 2015-07-10 04:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 06:12 - 2015-09-10 06:12 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-01-18 14:56 - 2012-03-13 17:01 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2015-10-23 17:53 - 2015-10-23 17:53 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-23 17:53 - 2015-10-23 17:53 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-23 17:53 - 2015-10-23 17:53 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 04:13 - 2015-07-10 04:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-08 19:28 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 19:28 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 19:28 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-23 17:53 - 2015-10-23 17:53 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 04:13 - 2015-09-10 06:12 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-01-21 11:17 - 2015-12-15 01:43 - 05890368 _____ () C:\Users\Kerstin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-02-04 15:37 - 2015-02-04 15:37 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2016-01-26 19:22 - 2016-01-26 19:23 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-01-26 19:22 - 2016-01-26 19:23 - 14870016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-22 14:19 - 2015-11-22 14:19 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-21 09:02 - 2016-01-21 09:03 - 03563008 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.19020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 09:30 - 2015-12-15 09:31 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.19020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-09-10 06:12 - 2015-09-10 06:12 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-01-18 15:12 - 2012-03-07 18:57 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2015-11-10 17:14 - 2015-11-10 17:14 - 00172032 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a93f0f4ae82ff4f730dd3b3c311656bb\IsdiInterop.ni.dll
2015-01-18 14:57 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-18 14:56 - 2012-03-13 17:02 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-01-22 21:43 - 2015-03-19 07:46 - 00867592 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\common\UNO\UNO.dll
2016-01-22 21:43 - 2013-12-10 12:31 - 00074240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ctypes.pyd
2016-01-22 21:43 - 2013-12-10 12:31 - 00285184 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_hashlib.pyd
2016-01-22 21:43 - 2013-12-10 12:31 - 00040960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_socket.pyd
2016-01-22 21:43 - 2013-12-10 12:31 - 00721920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ssl.pyd
2015-02-04 15:37 - 2015-02-04 15:37 - 00347136 _____ () C:\Program Files\Sony\VAIO Care\Iolo\vosges.dll
2016-01-12 17:07 - 2016-01-12 17:07 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2016-01-12 17:07 - 2016-01-12 17:07 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2016-01-29 08:31 - 2016-01-27 18:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-29 08:31 - 2016-01-27 18:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
2015-09-24 16:40 - 2015-09-24 16:40 - 00057856 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_de\brdlang32.DEU
2016-01-14 21:38 - 2016-01-14 21:38 - 09499136 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
2015-11-12 20:54 - 2015-08-13 14:08 - 03544576 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Citavi Picker\CitaviPicker.api
2016-01-14 22:44 - 2016-01-14 22:44 - 00045568 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU
2016-01-14 22:44 - 2016-01-14 22:44 - 00100352 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU
2015-09-24 16:40 - 2015-09-24 16:40 - 00305544 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2016-01-14 21:39 - 2016-01-14 21:39 - 00014336 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2015-01-30 11:37 - 00001028 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1                  activate.adobe.com
127.0.0.1                  practivate.adobe.com
127.0.0.1                  lmlicenses.wip4.adobe.com
127.0.0.1                  lm.licenses.adobe.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\Control Panel\Desktop\\Wallpaper -> D:\Bilder\Korfu 2015\Best of\4 (136).JPG
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "ContentTransferWMDetector.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{FEB18DAC-C172-42C9-BE01-AECCBE351B95}C:\users\kerstin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\kerstin\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{BDD1B632-72C0-47A2-865B-1EEAB13CEA7D}C:\users\kerstin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\kerstin\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FB3AFA9E-6DF7-4160-8A9F-824C185367D0}C:\users\kerstin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kerstin\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{FA385E60-426F-4380-AEC7-E2DE04146EFE}C:\users\kerstin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kerstin\appdata\local\akamai\netsession_win.exe
FirewallRules: [{7761AF3E-EB48-4193-A1D3-2A919174CAC2}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{259CF2C6-F411-4907-AF79-8D805A3A6A98}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{FA859391-BDE0-4617-ADCF-5DDB24FDFFD3}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{CF6147EB-BF77-472B-8A84-495CC59EF89F}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [UDP Query User{D60C932D-C659-4FEB-A8DE-3B4AC40F7E53}C:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{9C63613F-E8E0-40C4-AA3F-BF3FF81A71B3}C:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{DB0AFDC7-5DDC-4C4C-A382-FCC93AA80689}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{64CEFCD6-74E6-4FDD-906C-4D6710C30444}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{A69B0AD0-CA37-4003-8038-40477C83243B}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{46CC4BB6-C9E5-4505-B6C3-FFD42DDAC42C}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{B61F7B8C-3D79-4AF1-99EE-94F6BC5C2532}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe
FirewallRules: [{D6B25D2E-D613-4AA0-88C4-E7FA7712F917}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe
FirewallRules: [UDP Query User{F7E15CFB-81F3-462F-B860-8D4B55069A4D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F71C91E9-951D-4671-BD70-2286B8919DA9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E80FF284-063D-4C68-9D2A-E61612429558}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{115A53EA-93D1-482C-B34E-6EACBE368A3C}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{86A73A03-F7A7-45A7-913B-2FF017DEA602}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{6405F0BC-506B-4C7B-BAD2-53B41D618F34}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{48526780-E8D0-478B-952C-5DB519AAA95E}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
FirewallRules: [{8F447791-02F9-4CBF-841A-44C3C0B91421}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B8F84441-A0A0-457E-8AD4-78EA643F4591}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{87CBF9CF-2B13-42BA-9CA9-EB28F3F98A3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{742BE255-E3EF-4E59-87D4-8D1B567C05FB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{8FA70B8C-31F1-413E-A638-ACCAF092057C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3DF28D09-AD7E-41FE-A77E-67FD30125758}] => (Allow) LPort=1900
FirewallRules: [{2A5B6337-4343-41B6-A0DE-A4C244E2DFDF}] => (Allow) LPort=2869
FirewallRules: [{F027C7F6-82A6-4378-9CF5-5A5B78AB878E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5BBB7283-42EE-485A-983F-EDF7400357BF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{D54C0A26-F8F3-455E-B5CC-6B42213FA416}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{F44742A4-7B5D-460F-B36B-807BBE6E501D}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{C76FBEF9-563F-4255-B83C-645AFA579FEA}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{19FD6C30-4599-4011-AE89-0AE62AB209C8}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{C66CC04D-EDBF-4151-B9CF-7591C615239D}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{479CD170-2B32-45E9-BC2E-16402BC8EDCE}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{AC50747C-D475-45D1-A9A8-102162088DA9}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{C0A58A64-6070-465F-A5B2-3166B2041BE2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{006A772F-A41D-4DEE-82E3-6548A3F46F04}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{E85E7530-705F-4070-89C9-656DB2979578}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{30EFC8BD-6D5E-495F-ADD7-68ADF53340A8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{E397CB1C-C2A1-4645-9E89-CE0B0C063A3A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{3BA930FC-18D6-43DB-A2FE-6CEE95A506F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2CFBE66F-F641-49FB-B62B-A96327711D33}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe] => Enabled:TriDef 3D Media Player

==================== Wiederherstellungspunkte =========================

17-01-2016 12:14:40 Uniblue DriverScanner installation
22-01-2016 20:27:09 Installiert PowerDVD
25-01-2016 14:30:17 PRIMER 7

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/29/2016 11:18:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/29/2016 11:18:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/29/2016 11:18:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/29/2016 05:48:49 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/29/2016 05:48:49 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/29/2016 05:48:49 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/29/2016 05:48:49 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/29/2016 05:48:49 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/29/2016 05:48:49 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (01/29/2016 05:47:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (01/30/2016 01:24:06 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (01/30/2016 12:48:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Upgrade auf Windows 10 Home, Version 1511, 10586

Error: (01/30/2016 12:22:32 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (01/29/2016 11:18:47 PM) (Source: DCOM) (EventID: 10010) (User: VAIO)
Description: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider

Error: (01/29/2016 11:18:47 PM) (Source: DCOM) (EventID: 10010) (User: VAIO)
Description: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider

Error: (01/29/2016 11:18:47 PM) (Source: DCOM) (EventID: 10010) (User: VAIO)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (01/29/2016 11:18:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/29/2016 11:18:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/29/2016 11:18:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/29/2016 11:18:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-01-14 09:14:09.451
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-14 09:14:09.291
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-14 09:14:08.714
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-14 09:14:08.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 11:13:32.265
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 11:13:32.217
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 11:13:31.455
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 11:13:31.390
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 11:12:08.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-12 11:12:08.728
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 44%
Installierter physikalischer RAM: 8162.36 MB
Verfügbarer physikalischer RAM: 4507.5 MB
Summe virtueller Speicher: 16354.36 MB
Verfügbarer virtueller Speicher: 11689.68 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:150 GB) (Free:64.02 GB) NTFS
Drive d: () (Fixed) (Total:298.69 GB) (Free:107.86 GB) NTFS
Drive f: (AMY) (Removable) (Total:57.82 GB) (Free:41.14 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 946CD195)
Partition 1: (Not Active) - (Size=16.7 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=298.7 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 57.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================
Ich hoffe es kann mir jemand weiter helfen! :)

Vielen Dank schonmal und viele Grüße,
Kerstin

cosinus 31.01.2016 20:59
Hi und :hallo:

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

_kerstin_ 31.01.2016 21:17
Hallo und danke :)

Das tut mir leid, habe nicht alle Logs in einen Beitrag bekommen und auf dieser Einführungsseite stand, dass man in seinem eigenen Post nicht direkt antworten soll.

Dann packe ich die beiden Textfiles hier nochmal rein.

Einmal der Malewarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 30.01.2016
Suchlaufzeit: 18:07
Protokolldatei: Malewarebytes.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2016.01.30.03
Rootkit-Datenbank: v2016.01.20.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Kerstin

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 458533
Abgelaufene Zeit: 33 Min., 23 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
und Avast Browser Cleanup:
Code:
30.01.2016 18:14:14 (TID: 12200)
Product version: 10.4.2233.107
30.01.2016 18:14:14
BCUEngine version : 10.1.0.884
ProductLanguage  : de
OSLanguage        : de-de
Location          : de-de
OSType            : 6.2
IsStandalone      : 1
PartnerId        : 752
Priority          : 10
Microsoft IE
        Install Path:
        Version: 11.0.10240.16644
Mozilla Firefox Browser
        Install Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        Version: 38.0.5.5623
        Profile Path: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\
Mozilla Firefox Profiles
        Name: default Path: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default
Google Chrome Browser
        Version: 48.0.2564.97
        Install Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        Profile Path: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\
Google Chrome Profiles
        Name: Default Path: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default
Google Chrome
        Homepages
                Profile: Default
                Url    : https://www.google.de/
        Search Engines
                Profile: Default
                Name  : Google
                Url    : https://www.google.de/search?q={searchTerms}?trackid=sp-004752
Google Chrome
        Extensions
                Profile: Default
                        ID: aapocclcgogkmnckokdopfmhonfmgoek Name: Google Präsentationen
                        ID: cfhdojbkjhnklbpkdaibdccddilifddb Name: Adblock Plus
                        ID: felcaaldnbdncclmgdcncolpebgiejap Name: Google Tabellen
                        ID: flliilndjeohchalpbbcdekjklbdgfkk Name: Avira Browserschutz
                        ID: ohgndokldibnndfnjnagojmheejlengn Name: Citavi Picker
FireFox
        Homepages
                Profile: default
                URL    : https://www.google.de/?gws_rd=ssl
        Search Engines
                Profile: default
                Name  : Google
                Url    : https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8
Mozilla Firefox
        Extensions
                Profile: default
                        ID: {20a82645-c095-46ed-80e3-08825760534b} Name: Microsoft .NET Framework Assistant
                        ID: choiceguard@microsoft Name: Microsoft Choice Guard
                        ID: {8aa36f4f-6dc7-4c06-77af-5035170634fe} Name: Citavi Picker
                        ID: {8aa36f4f-6dc7-4c06-77af-5035170634fe} Name: Citavi Picker
                        ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} Name: Adblock Plus
                        ID: abs@avira.com Name: Avira Browser Safety
BCURequest:
        GlobalStat
                ProductLanguage : de
                EngineVersion  : 10.1.0.884
                OSLanguage      : de-de
                Location        : de-de
                OSType          : 6.2
                IsStandalone    : 1
                Version        : 10.4.2233.107
                PartnerId      : 752
                Priority        : 10
                AvastProductType: 56
                DefaultBrowser  : FIREFOXURL
        Google Chrome:
                IsDefault: 0
                Rank: 1093
                Homepages
                        Url: https://www.google.de/
                Search Engines
                        Name : Google
                        Url  : https://www.google.de/search?q={searchTerms}?trackid=sp-004752
                Extensions
                        ID: aapocclcgogkmnckokdopfmhonfmgoek Name: Google Präsentationen
                        ID: cfhdojbkjhnklbpkdaibdccddilifddb Name: Adblock Plus
                        ID: felcaaldnbdncclmgdcncolpebgiejap Name: Google Tabellen
                        ID: flliilndjeohchalpbbcdekjklbdgfkk Name: Avira Browserschutz
                        ID: ohgndokldibnndfnjnagojmheejlengn Name: Citavi Picker
        FireFox:
                IsDefault: 1
                Rank: 1131
                Homepages
                        Url: https://www.google.de/?gws_rd=ssl
                Search Engines
                        Name : Google
                        Url  : https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8
                Extensions
                        ID: abs@avira.com Name: Avira Browser Safety
                        ID: choiceguard@microsoft Name: Microsoft Choice Guard
                        ID: {20a82645-c095-46ed-80e3-08825760534b} Name: Microsoft .NET Framework Assistant
                        ID: {8aa36f4f-6dc7-4c06-77af-5035170634fe} Name: Citavi Picker
                        ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} Name: Adblock Plus
BCUResponse:
        BCUConfig
                CacheIntervalNeg : 604800
                CacheIntervalPos : 604800
                CmsTimeout      : 15000
        TemplateId: TPL_RADIO
        OfferId  : ID_DE_DE_YB_RB_V10_PAID
                UseCorporate    : FALSE
        BCUProviders
                ID: TPL_YAHOO9_DE        Name: Yahoo! (Avast)
                ID: PID_BING04_PAID_ALL        Name: Bing (by Microsoft)
                ID: PID_GOOGLE_ALL_PAID        Name: Google
                ID: PID_WOLFRAM_ALL_PAID        Name: Wolfram Alpha
                ID: PID_KEEPEXISTING        Name: Keep Existing (not recommended)
        Google Chrome:
                IsProviderModified: 0
                Extensions
                        ID: aapocclcgogkmnckokdopfmhonfmgoek Rating: 0 InternalId: 1000
                        ID: cfhdojbkjhnklbpkdaibdccddilifddb Rating: 0 InternalId: 1000
                        ID: felcaaldnbdncclmgdcncolpebgiejap Rating: 0 InternalId: 1000
                        ID: flliilndjeohchalpbbcdekjklbdgfkk Rating: 0 InternalId: 1000
                        ID: ohgndokldibnndfnjnagojmheejlengn Rating: 0 InternalId: 1000
                Search Engine:
                        Name: Google
                        Url : https://www.google.de/search?q={searchTerms}?trackid=sp-004752
        FireFox:
                IsProviderModified: 0
                Extensions
                        ID: abs@avira.com Rating: 3 InternalId: 1000
                        ID: choiceguard@microsoft Rating: 5 InternalId: 8000
                        ID: {20a82645-c095-46ed-80e3-08825760534b} Rating: 5 InternalId: 5200
                        ID: {8aa36f4f-6dc7-4c06-77af-5035170634fe} Rating: 4 InternalId: 8000
                        ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} Rating: 5 InternalId: 1000
                Search Engine:
                        Name: Google
                        Url : https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8
Detected a potential browser protector:C614A96B241A9BF6857ECC990C4F748DAA39188FC52D3B841F075AA69A025A9D {
  "Services" : {
      "antivirmailservice" : {
        "Description" : "bietet email-programmen permanenten schutz vor viren und malware mit der avira suchengine.",
        "DisplayName" : "avira email-schutz",
        "FileInfo" : {
            "CompanyName" : "Avira Operations GmbH & Co. KG",
            "FileDescription" : "Antivirus MailScanner WFP Service",
            "FileVersion" : "15.0.15.106",
            "Path" : "c:\\program files (x86)\\avira\\antivirus\\avmailc7.exe",
            "ProductVersion" : "15.0.15.106",
            "sha256" : "B389458C13A0E0717365B7CE371A6B768EB2F98C4CDBAA6DCBBBDE3A2B1D8B14"
        }
      },
      "antivirschedulerservice" : {
        "Description" : "dienst zur steuerung von avira antivirus prüfaufträgen und updates.",
        "DisplayName" : "avira planer",
        "FileInfo" : {
            "CompanyName" : "Avira Operations GmbH & Co. KG",
            "FileDescription" : "Antivirus Host Framework Service",
            "FileVersion" : "15.0.15.106",
            "Path" : "c:\\program files (x86)\\avira\\antivirus\\sched.exe",
            "ProductVersion" : "15.0.15.106",
            "sha256" : "7A6C59E9B98C1A50CB5FB895050127C5A433BA825D3832FC6DDA2A41AE986543"
        }
      },
      "antivirservice" : {
        "Description" : "bietet permanenten schutz vor viren und malware mit der avira suchengine.",
        "DisplayName" : "avira echtzeit-scanner",
        "FileInfo" : {
            "CompanyName" : "Avira Operations GmbH & Co. KG",
            "FileDescription" : "Antivirus Host Framework Service",
            "FileVersion" : "15.0.15.106",
            "Path" : "c:\\program files (x86)\\avira\\antivirus\\avguard.exe",
            "ProductVersion" : "15.0.15.106",
            "sha256" : "7A6C59E9B98C1A50CB5FB895050127C5A433BA825D3832FC6DDA2A41AE986543"
        }
      },
      "antivirwebservice" : {
        "Description" : "bietet webbrowsern permanenten schutz vor viren und malware mit der avira suchengine.",
        "DisplayName" : "avira browser-schutz",
        "FileInfo" : {
            "CompanyName" : "Avira Operations GmbH & Co. KG",
            "FileDescription" : "AntiVir WebGuard WFP Service",
            "FileVersion" : "15.0.15.125",
            "Path" : "c:\\program files (x86)\\avira\\antivirus\\avwebg7.exe",
            "ProductVersion" : "15.0.15.125",
            "sha256" : "827400CFB53026757B3D75B6C5AC7BBECE7E62B335160C18CBF6A41047F4A400"
        }
      }
  },
  "runKeys" : {
      "avgnt" : {
        "FileInfo" : {
            "CompanyName" : "Avira Operations GmbH & Co. KG",
            "FileDescription" : "Avira system tray application",
            "FileVersion" : "15.0.15.106",
            "Path" : "c:\\program files (x86)\\avira\\antivirus\\avgnt.exe",
            "ProductVersion" : "15.0.15.106",
            "sha256" : "269146783422D06BE2BA5D358D22B03339C102D0D5970894625C9C03BFCCB773"
        },
        "RegKey" : "hklm\\software\\microsoft\\windows\\currentversion\\run\\avgnt=c:\\program files (x86)\\avira\\antivirus\\avgnt.exe"
      }
  },
  "runningProcess" : {
      "avcenter.exe" : {
        "CompanyName" : "Avira Operations GmbH & Co. KG",
        "FileDescription" : "Control Center",
        "FileVersion" : "15.0.15.106",
        "Path" : "c:\\program files (x86)\\avira\\antivirus\\avcenter.exe",
        "ProductVersion" : "15.0.15.106",
        "sha256" : "16EBE33001EB1EB2A9C54E6B014650CBC653FF3B29855468C4F55198E6770C02"
      },
      "avgnt.exe" : {
        "CompanyName" : "Avira Operations GmbH & Co. KG",
        "FileDescription" : "Avira system tray application",
        "FileVersion" : "15.0.15.106",
        "Path" : "c:\\program files (x86)\\avira\\antivirus\\avgnt.exe",
        "ProductVersion" : "15.0.15.106",
        "sha256" : "269146783422D06BE2BA5D358D22B03339C102D0D5970894625C9C03BFCCB773"
      }
  },
  "uninstallInfo" : {
      "avira antivirus" : {
        "DisplayName" : "avira antivirus",
        "FileInfo" : {
            "CompanyName" : "Avira Operations GmbH & Co. KG",
            "FileDescription" : "Workstation Setup",
            "FileVersion" : "15.0.15.106",
            "Path" : "c:\\program files (x86)\\avira\\antivirus\\setup.exe",
            "ProductVersion" : "15.0.15.106",
            "sha256" : "C45B27F741E3BE539AB53A62C0344C3FC2FE3E0D847FBB29902EB0C0918237D0"
        },
        "Publisher" : "avira operations gmbh & co. kg"
      }
  }
}

                Profile: Default
Mozilla Firefox
        Extensions
                Profile: default
updateCache  error: boost::filesystem::create_directory: Das System kann den angegebenen Pfad nicht finden: "C:\Users\Kerstin\AppData\Local\Temp\avastBCLTMP\firefox\{8aa36f4f-6dc7-4c06-77af-5035170634fe}"
Habe auch noch mein Antivir drüber laufen lassen, der hat das gefunden:
Code:
Exportierte Ereignisse:

30.01.2016 17:45 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files\Sony\MFU\MUI_MFI.exe'
      enthielt einen Virus oder unerwünschtes Programm 'HEUR/APC (Cloud)' [heuristic].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0a1f4dec.qua'
      verschoben!

30.01.2016 17:45 [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\System32\oobe\info\VAIO MFU Links\MFU\MUI_MFI.exe'
      enthielt einen Virus oder unerwünschtes Programm 'HEUR/APC (Cloud)' [heuristic].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '46a761a6.qua'
      verschoben!

30.01.2016 17:45 [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\SysWOW64\oobe\info\VAIO MFU Links\MFU\MUI_MFI.exe'
      enthielt einen Virus oder unerwünschtes Programm 'HEUR/APC (Cloud)' [heuristic].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '39bc53c7.qua'
      verschoben!

30.01.2016 17:45 [System-Scanner] Malware gefunden
      Die Datei 'D:\Downloads\FreeFileSync_6.15_Windows_Setup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'PUA/OpenCandy.Gen' [riskware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7ddc7f1d.qua'
      verschoben!

30.01.2016 17:45 [System-Scanner] Malware gefunden
      Die Datei 'D:\Downloads\FreeYouTubeToMP3Converter_3.12.59.616.exe'
      enthielt einen Virus oder unerwünschtes Programm 'PUA/OpenCandy.Gen' [riskware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1beb313a.qua'
      verschoben!
Viele Grüße :)

cosinus 31.01.2016 23:22
Hat Malwarebytes nichts gefunden? Wenn doch, ist es nicht sehr sinnig nur das letzte Log ohne Funde zu posten da so hier niemand sehen kann was alles schon entfernt wurde.

_kerstin_ 01.02.2016 00:04
Habe Malewarebytes eben nochmal durchlaufen lassen, da findet er aber nichts, nein.

cosinus 01.02.2016 09:18
Bitte lies doch mein Posting mal richtig. Es geht NICHT darum, dass es jetzt nix mehr findet, sondern darum, ob es in der Vergangenheit etwas gefunden hat!

_kerstin_ 01.02.2016 09:34
Kann ich denn irgendwo alte Protokolle nochmal abrufen, wenn ich die nicht manuell abgespeichert habe?

cosinus 01.02.2016 09:36
Schau bitte nach unter Verlauf => Anwendungsprotokolle => Suchlaufprotokolle

Falls dort keine sind einfach mal checken, ob sich isolierte Elemente in der Quarantäne befinden. Wenn die leer ist, sollte es keine Funde gegeben haben.

_kerstin_ 01.02.2016 09:44
Okay, danke.
Da hab ich jetzt das gefunden:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 17.01.2016 12:57, SYSTEM, VAIO, Manual, Remediation Database, 2015.9.16.1, 2016.1.14.1,
Update, 17.01.2016 12:57, SYSTEM, VAIO, Manual, Rootkit Database, 2015.9.18.1, 2016.1.9.1,
Update, 17.01.2016 12:57, SYSTEM, VAIO, Manual, IP Database, 2015.9.21.2, 2016.1.15.1,
Update, 17.01.2016 12:57, SYSTEM, VAIO, Manual, Domain Database, 2015.9.22.3, 2016.1.16.1,
Update, 17.01.2016 12:57, SYSTEM, VAIO, Manual, Malware Database, 2015.9.22.5, 2016.1.17.2,
Scan, 17.01.2016 13:40, SYSTEM, VAIO, Manual, Start: 17.01.2016 12:57, Dauer: 43 Min. 2 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 37 Nicht-Malware-Erkennungen,
Error, 17.01.2016 13:43, SYSTEM, VAIO, Protection, IsLicensed, 13,
Protection, 17.01.2016 13:43, SYSTEM, VAIO, Protection, Malware Protection, Stopping,
Protection, 17.01.2016 13:43, SYSTEM, VAIO, Protection, Malware Protection, Stopped,
Error, 17.01.2016 13:54, SYSTEM, VAIO, Protection, IsLicensed, 13,
Protection, 17.01.2016 13:54, SYSTEM, VAIO, Protection, Malware Protection, Stopping,
Protection, 17.01.2016 13:54, SYSTEM, VAIO, Protection, Malware Protection, Stopped,

(end)
und das sind wohl die Dateien, die es enternt hat:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 17.01.2016
Suchlaufzeit: 12:57
Protokolldatei: Dateien.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2016.01.17.02
Rootkit-Datenbank: v2016.01.09.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Kerstin

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 451764
Abgelaufene Zeit: 43 Min., 2 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 8
PUP.Optional.BoBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Run_Bobby_Browser, Löschen bei Neustart, [605624163e5b2b0b3b847e2db44fdf21],
PUP.Optional.StartPoint, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\StartPoint Updater, Löschen bei Neustart, [d8de2b0f6633f83ee12c0bd344bfdc24],
PUP.Optional.WebSearch, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [2690d8624356ae88c7dd7274966dbd43],
PUP.Optional.StartPoint, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0228F258-A352-4A63-816D-B48F601DE203}, In Quarantäne, [6b4b4befeeab74c262a8f1ed3dc640c0],
PUP.Optional.WebSearch, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0B2279D9-5A71-4E8C-A624-B6853F7CB726}, In Quarantäne, [684e50ea4f4a280e0a97af37e1225da3],
PUP.Optional.WebSearch, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, [15a14feb8d0c7eb8633e1accd52ec040],
PUP.Optional.WebSearch, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [45714bef287181b53a670adcae557e82],
PUP.Optional.FastStart, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [af07d466c0d9e155cfdc03b8b64d33cd],

Registrierungswerte: 9
PUP.Optional.FastStart, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\extensions\faststartff@gmail.com, In Quarantäne, [5d59ec4e40591026e1cb6556a95a0af6]
PUP.Optional.StartPoint, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0228F258-A352-4A63-816D-B48F601DE203}|FaviconURL, hxxp://search.strtpoint.com/favicon.ico, In Quarantäne, [6b4b4befeeab74c262a8f1ed3dc640c0]
PUP.Optional.WebSearch, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0228F258-A352-4A63-816D-B48F601DE203}|URL, hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=TOSHIBAXMQ01ABD050_52C7S1KGSXX52C7S1KGS&ts=1421845080&type=default&q={searchTerms}, In Quarantäne, [f2c453e75f3a5bdbc8d9f9ed71927a86]
PUP.Optional.StartPoint, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0228F258-A352-4A63-816D-B48F601DE203}|TopResultURL, hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=578080078&q={searchTerms}&r=980, In Quarantäne, [bbfb2c0ed9c0181e5dad914dec17b24e]
PUP.Optional.WebSearch, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0B2279D9-5A71-4E8C-A624-B6853F7CB726}|URL, hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=TOSHIBAXMQ01ABD050_52C7S1KGSXX52C7S1KGS&ts=1421845080&type=default&q={searchTerms}, In Quarantäne, [684e50ea4f4a280e0a97af37e1225da3]
PUP.Optional.WebSearch, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=TOSHIBAXMQ01ABD050_52C7S1KGSXX52C7S1KGS&ts=1421845080&type=default&q={searchTerms}, In Quarantäne, [15a14feb8d0c7eb8633e1accd52ec040]
PUP.Optional.WebSearch, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://istart.webssearches.com//favicon.ico, In Quarantäne, [f3c356e4b2e74aec039e3ea8f21107f9]
PUP.Optional.WebSearch, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=TOSHIBAXMQ01ABD050_52C7S1KGSXX52C7S1KGS&ts=1421845080&type=default&q={searchTerms}, In Quarantäne, [45714bef287181b53a670adcae557e82]
PUP.Optional.FastStart, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [af07d466c0d9e155cfdc03b8b64d33cd]

Registrierungsdaten: 2
PUP.Optional.WebSearch, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=dspp&ts=1421845060&from=cvs&uid=TOSHIBAXMQ01ABD050_52C7S1KGSXX52C7S1KGS&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=dspp&ts=1421845060&from=cvs&uid=TOSHIBAXMQ01ABD050_52C7S1KGSXX52C7S1KGS&q={searchTerms}),Ersetzt,[dadc8caedfba47efdc946a49a95b06fa]
PUP.Optional.WebSearch, HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=dspp&ts=1421845060&from=cvs&uid=TOSHIBAXMQ01ABD050_52C7S1KGSXX52C7S1KGS&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=dspp&ts=1421845060&from=cvs&uid=TOSHIBAXMQ01ABD050_52C7S1KGSXX52C7S1KGS&q={searchTerms}),Ersetzt,[11a5a793aaefdf57c6aa6b48bd47e21e]

Ordner: 6
PUP.Optional.OpenCandy, C:\Users\Kerstin\AppData\Roaming\OpenCandy, In Quarantäne, [ded886b450494de96f8c088b639f44bc],
PUP.Optional.OpenCandy, C:\Users\Kerstin\AppData\Roaming\OpenCandy\OpenCandy_F12372E326EF43C7BFD1802C208EA7EE, In Quarantäne, [ded886b450494de96f8c088b639f44bc],
PUP.Optional.StartPoint, C:\Users\Kerstin\AppData\Local\StartPoint\startpoint, In Quarantäne, [7046f941bfdab1857f6eead5be4408f8],
PUP.Optional.StartPoint, C:\Users\Kerstin\AppData\Local\StartPoint\startpoint\1.3.18.7, In Quarantäne, [7046f941bfdab1857f6eead5be4408f8],
PUP.Optional.WebSearch, C:\Users\Kerstin\AppData\Roaming\webssearches, In Quarantäne, [d2e4182219806fc79511893a8b77d42c],
PUP.Optional.WebSearch, C:\Users\Kerstin\AppData\Roaming\webssearches\log, In Quarantäne, [d2e4182219806fc79511893a8b77d42c],

Dateien: 12
PUP.Optional.StartPoint, C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\searchplugins\startpointkms.xml, In Quarantäne, [13a359e1c5d4e74fc143439ba55edd23],
PUP.Optional.StartPoint, C:\Windows\System32\Tasks\StartPoint Updater, In Quarantäne, [8b2b1e1c6633003604037e601ce79b65],
PUP.Optional.OpenCandy, C:\Users\Kerstin\AppData\Roaming\OpenCandy\OpenCandy_F12372E326EF43C7BFD1802C208EA7EE\TuneUp2014GER1day-de-DE-p4v1.exe, In Quarantäne, [ded886b450494de96f8c088b639f44bc],
PUP.Optional.StartPoint, C:\Users\Kerstin\AppData\Local\StartPoint\startpoint\1.3.18.7\app.ini, In Quarantäne, [7046f941bfdab1857f6eead5be4408f8],
PUP.Optional.StartPoint, C:\Users\Kerstin\AppData\Local\StartPoint\startpoint\1.3.18.7\Bnaaemhj.dll, In Quarantäne, [7046f941bfdab1857f6eead5be4408f8],
PUP.Optional.StartPoint, C:\Users\Kerstin\AppData\Local\StartPoint\startpoint\1.3.18.7\ieds.xml, In Quarantäne, [7046f941bfdab1857f6eead5be4408f8],
PUP.Optional.StartPoint, C:\Users\Kerstin\AppData\Local\StartPoint\startpoint\1.3.18.7\oChgkaac.dll, In Quarantäne, [7046f941bfdab1857f6eead5be4408f8],
PUP.Optional.StartPoint, C:\Users\Kerstin\AppData\Local\StartPoint\startpoint\1.3.18.7\res.dll, In Quarantäne, [7046f941bfdab1857f6eead5be4408f8],
PUP.Optional.StartPoint, C:\Users\Kerstin\AppData\Local\StartPoint\startpoint\1.3.18.7\serp.js, In Quarantäne, [7046f941bfdab1857f6eead5be4408f8],
PUP.Optional.StartPoint, C:\Users\Kerstin\AppData\Local\StartPoint\startpoint\1.3.18.7\sqlite.dll, In Quarantäne, [7046f941bfdab1857f6eead5be4408f8],
PUP.Optional.WebSearch, C:\Users\Kerstin\AppData\Roaming\webssearches\UninstallManager.exe, In Quarantäne, [d2e4182219806fc79511893a8b77d42c],
PUP.Optional.FastStart, C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js, Gut: (), Schlecht: (faststartff@gmail.com), Ersetzt,[53630634b4e576c06b30f2f074900ff1]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Bei allem danach hat er dann nichts mehr gefunden. Habe die Dateien auch alle noch in der Quarantäne drin.

cosinus 01.02.2016 10:07
ja so soll es auch sein

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


_kerstin_ 01.02.2016 18:12
Hallo,

der AdwCleaner hat eben nichts gefunden. Aber habe eine Datei vom 17.1. im Archiv gefunden, wo etwas gelöscht wurde:
AdwCleaner Logfile:
Code:
# AdwCleaner v5.029 - Bericht erstellt am 17/01/2016 um 13:49:50
# Aktualisiert am 11/01/2016 von Xplode
# Datenbank : 2016-01-15.2 [Server]
# Betriebssystem : Windows 10 Home  (x64)
# Benutzername : Kerstin - VAIO
# Gestartet von : C:\Users\Kerstin\Desktop\AdwCleaner_5.029.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Users\Kerstin\AppData\Local\StartPoint
[-] Ordner Gelöscht : C:\Users\Kerstin\AppData\Roaming\RHEng
[-] Ordner Gelöscht : C:\Users\Kerstin\AppData\Roaming\RPEng
[-] Ordner Gelöscht : C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\ICQToolbarData

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
[-] Datei Gelöscht : C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\user.js

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\startpoint
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1

***** [ Internetbrowser ] *****

[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.hiddenOneOffs", "Yahoo,Amazon.de,Bing,DuckDuckGo,eBay,Websuche,Google Images,Search The Web (Start Point)");
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.snipit.askTbInstalled", true);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1");
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.snipit.searchAssistEnabled", true);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.defSearchChange", true);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.engineVerified", false);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.geolastmodified", 1313609005);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.history", "aristocats%20katzen%20brauchen%20larca%20schorndorfdecatlonwanderhose%20damenpflugfelderbenjamin%20waldmann%20naturfotografrewe.derewe%20beinsteineinka[...]
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.hpChange", true);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.installTime", "1313769870");
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.installsource", "1");
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.previousFFVersion", "5.0");
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.suggestions", false);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.uniqueID", "127868657012786867761278688738907");
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1313730036);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.userEngineApproved", true);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.userHpApproved", true);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.version", "1.3.1");
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.voucherWasShown", 2);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", true);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
[-] [C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
[-] [C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : trovi.search
[-] [C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : webssearches
[-] [C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Gelöscht : hxxp://istart.webssearches.com/webfavicon.ico

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8112 Bytes] ##########
--- --- ---


JRT hat das ausgespuckt:
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by Kerstin (Administrator) on 01.02.2016 at 17:52:21,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 47

Successfully deleted: C:\Users\Kerstin\AppData\Local\{04182640-779F-4E83-9BEC-07CE43FD91DA} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{1BE1732E-FE5B-4848-B571-748D883146CC} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{1C0498B2-1620-46DA-989B-32B45F331C7E} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{226BC12D-A67C-4DA8-8B6E-E813D3CAF8C0} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{23DB9C54-9D53-44ED-8CA0-F527842AA571} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{25CC5244-1593-426C-857C-521A73310F2D} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{2981A615-BB41-4C07-8662-5DB2E1860E81} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{3549CC0E-659F-4673-A79D-663FB4CC33C3} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{3C22809E-0B37-447A-AB4F-E39D323E3376} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{3E1AFD33-2105-452F-8F2C-DA1F880B4EE9} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{3F02AF43-C197-4042-AEBB-82A4EBDEE4B3} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{4158FA12-45A5-4A31-9AC3-D17D210C024F} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{4AA3958D-BA1F-4D03-B96B-0360B4846F9D} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{4B27266B-5ACE-4AC8-9533-ABDB8527D8FC} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{4BD8BEEB-92AB-4F11-ABB5-BD2651407A9B} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{523B3807-C8A4-4B91-85CF-3E1B9F50AE7D} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{580FAFF9-FDE7-47BC-A8DD-CFD076D1C689} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{5A22FE2F-BB5C-4747-AE67-9EA987C41742} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{5D17958F-91AA-4430-ACB3-9C1DD2F530F7} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{63C54B94-397E-4617-B106-9849CC27D5EF} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{7A296392-9CEB-43F9-AC9D-5729994E3FC8} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{7E13FE45-797F-4374-9117-5D04E3D7B205} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{8504ABD3-A53E-452B-96AB-0FB1D751B463} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{8729EEAC-D3BE-438A-B3D3-644D6F2AD7C5} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{88ABAC96-E942-4C2C-A823-8D32801C8289} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{8C672943-75DF-4813-8254-9141C2FE3210} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{8E17753A-FADC-41B6-84AA-9D1A6F2EBCF8} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{8FDA0C97-3B30-4BF7-968E-557FE9E4E4D2} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{920DD908-96C2-444A-BA34-1DF982401AE0} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{974DA709-79B0-4958-A71D-078CC5F4AE72} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{9ABCD638-79F1-4921-B571-7B1E1CDA7727} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{A047D715-5A72-4D1A-AA91-4EDAB08E5940} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{A9142248-2BAC-4D94-ABC1-D41EC2AC44E5} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{BD19B1BC-998B-4C87-A620-D5A104170360} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{C8031ED0-BB05-4A95-9C5B-60F2995A026B} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{CC9A96CF-5283-4DEF-8DC7-E7CDA0E8C332} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{CE2A09D0-C10D-49FA-A630-3A3DC4F85E1D} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{D15C1BCB-0B4D-43F6-91FD-9A6E4C915DC1} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{D9D50A5D-996B-4C5E-B56E-7D85DDE98991} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{E1432481-C7E9-48F6-BD3B-6DC38EA7A2D9} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{EC0B5D9D-4338-46A8-9528-69FFD44CAA8F} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{FC60624C-C03D-46B6-98DC-D84DAEE681F5} (Empty Folder)
Successfully deleted: C:\Users\Kerstin\AppData\Local\{FD054312-05E8-4BA9-94D2-9A9472055BB0} (Empty Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Avira System Speedup Tray (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERSCANNER.EXE-27E91572.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERSCANNER.TMP-774B7081.pf (File)

Deleted the following from C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\prefs.js
user_pref(browser.search.searchengine.alias, webssearches);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://istart.webssearches.com/web/favicon.ico);
user_pref(browser.search.searchengine.name, webssearches);
user_pref(browser.search.searchengine.ptid, cvs);
user_pref(browser.search.searchengine.uid, TOSHIBAXMQ01ABD050_52C7S1KGSXX52C7S1KGS);
user_pref(browser.search.searchengine.url, hxxp://istart.webssearches.com/web/?type=dspp&ts=1421845060&from=cvs&uid=TOSHIBAXMQ01ABD050_52C7S1KGSXX52C7S1KGS&q={searchTerms}
user_pref(browser.search.selectedEngine, webssearches);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.02.2016 at 17:54:48,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---


und zuletzt die neue FRST:

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
durchgeführt von Kerstin (Administrator) auf VAIO (01-02-2016 17:56:34)
Gestartet von C:\Users\Kerstin\Desktop\Kram\Chrome Problem
Geladene Profile: Kerstin (Verfügbare Profile: Kerstin & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\Sony\VAIO Care\listener.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954368 2015-10-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-09] (Intel Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-12-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [14960 2016-01-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [950296 2015-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952376 2015-12-22] (Dropbox, Inc.)
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Run: [Amazon Music] => C:\Users\Kerstin\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] ()
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Kerstin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\RunOnce: [Uninstall C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\RunOnce: [Uninstall C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\MountPoints2: {b279a196-aace-11e5-8d77-30f9edb3b1dd} - "I:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [MOBK649] -> {7d7a9cff-a4c1-f2b8-7421-c722f7eac08a} => C:\Program Files (x86)\McAfee Online Backup\MOBK649shell.dll [2011-04-18] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK6492] -> {658e5c17-2ba4-ed79-d884-37ebe15e7b9b} => C:\Program Files (x86)\McAfee Online Backup\MOBK649shell.dll [2011-04-18] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK6493] -> {22f1b264-d4dd-ef46-08eb-3eb0c80441ba} => C:\Program Files (x86)\McAfee Online Backup\MOBK649shell.dll [2011-04-18] (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4028513f-9b13-4011-859e-9228c8393dcc}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{f563fc56-43a8-402e-b162-a5931a41b302}: [DhcpNameServer] 10.156.33.53 141.40.103.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startseite24.net
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
SearchScopes: HKLM -> DefaultScope {13CA5C5E-58A7-4C37-9638-5CC6844E2199} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM -> {13CA5C5E-58A7-4C37-9638-5CC6844E2199} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1366167738-2161922973-1286636927-1001 -> DefaultScope {13CA5C5E-58A7-4C37-9638-5CC6844E2199} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1366167738-2161922973-1286636927-1001 -> {13CA5C5E-58A7-4C37-9638-5CC6844E2199} URL = hxxp://www.startseite24.net/?q={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-18] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll [2014-01-16] (McAfee, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-04-28] (Atheros Commnucations)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-18] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2009-09-22] (TerraTec Electronic GmbH)

FireFox:
========
FF ProfilePath: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default
FF SearchEngineOrder.1: Ask
FF Homepage: hxxps://www.google.de/?gws_rd=ssl
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2015-01-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [2015-01-18] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll [2014-01-16] (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\searchplugins\google-images.xml [2014-11-20]
FF SearchPlugin: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\searchplugins\google-maps.xml [2014-11-20]
FF SearchPlugin: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\searchplugins\websuche.xml [2015-07-08]
FF Extension: Citavi Picker - C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2016-01-11]
FF Extension: Avira Browser Safety - C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\Extensions\abs@avira.com [2016-01-26]
FF Extension: Microsoft Choice Guard - C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\Extensions\ChoiceGuard@Microsoft [2015-01-18] [ist nicht signiert]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-06-07] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\NsWAs5vb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-11-12]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/?trackid=sp-004752
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-004752"
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}?trackid=sp-004752
CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-12]
CHR Extension: (Google Docs) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-12]
CHR Extension: (Google Drive) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-12]
CHR Extension: (YouTube) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-12]
CHR Extension: (Adblock Plus) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-17]
CHR Extension: (Google-Suche) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Google Tabellen) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-12]
CHR Extension: (Avira Browserschutz) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-01-29]
CHR Extension: (Google Docs Offline) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-12]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-12]
CHR Extension: (Citavi Picker) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-01-12]
CHR Extension: (Google Mail) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [251160 2015-12-08] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-29] (Dropbox, Inc.)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.) [Datei ist nicht signiert]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2015-02-04] (Intel Corporation)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [24224 2016-01-04] (Avira Operations GmbH & Co. KG)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-23] (Synaptics Incorporated)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) [Datei ist nicht signiert]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AF9035BDA; C:\Windows\system32\DRIVERS\AF15BDA.sys [514144 2009-10-02] (ITETech                  )
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-03] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-21] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Realtek                                            )
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-08-05] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-23] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-03-19] (CyberLink Corp.)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-01 17:54 - 2016-02-01 17:54 - 00006276 _____ C:\Users\Kerstin\Desktop\JRT.txt
2016-02-01 17:27 - 2016-02-01 17:27 - 00016148 _____ C:\WINDOWS\system32\VAIO_Kerstin_HistoryPrediction.bin
2016-02-01 09:41 - 2016-02-01 09:41 - 00001197 _____ C:\bericht.txt
2016-01-30 14:10 - 2016-01-30 14:13 - 00000000 ____D C:\FRST
2016-01-29 17:40 - 2016-01-29 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-01-29 17:38 - 2016-02-01 17:43 - 00001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-29 17:38 - 2016-02-01 17:43 - 00001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-29 17:38 - 2016-01-29 17:40 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-01-29 17:38 - 2016-01-29 17:38 - 00004286 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-01-29 17:38 - 2016-01-29 17:38 - 00004054 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-01-25 14:30 - 2016-01-25 14:30 - 00002501 _____ C:\Users\Public\Desktop\PRIMER 7.lnk
2016-01-25 14:30 - 2016-01-25 14:30 - 00000000 ____D C:\ProgramData\PRIMER-E
2016-01-25 14:30 - 2016-01-25 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRIMER 7
2016-01-25 14:30 - 2016-01-25 14:30 - 00000000 ____D C:\Program Files (x86)\PRIMER-E
2016-01-22 21:45 - 2016-01-22 21:46 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2016-01-22 21:44 - 2016-01-22 21:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 15
2016-01-22 21:44 - 2016-01-22 21:44 - 00000000 ____D C:\ProgramData\PDVD
2016-01-22 21:44 - 2016-01-22 21:44 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2016-01-22 21:41 - 2016-01-22 21:41 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-01-22 21:41 - 2016-01-22 21:41 - 00000000 ____D C:\ProgramData\install_clap
2016-01-22 21:38 - 2016-01-22 21:41 - 164277560 _____ C:\Users\Kerstin\Downloads\PowerDVD_15.0.1510.58_DVD150306-02.exe
2016-01-22 21:35 - 2016-01-22 21:37 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\vlc
2016-01-22 21:35 - 2016-01-22 21:35 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\dvdcss
2016-01-22 21:35 - 2016-01-22 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-01-22 21:34 - 2016-01-22 21:34 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-01-19 20:55 - 2016-01-19 20:55 - 822679159 _____ C:\WINDOWS\MEMORY.DMP
2016-01-19 20:55 - 2016-01-19 20:55 - 00275192 _____ C:\WINDOWS\Minidump\011916-45859-01.dmp
2016-01-17 14:07 - 2016-01-05 04:07 - 02463704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-17 14:07 - 2016-01-05 04:07 - 00377592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-17 14:07 - 2016-01-05 04:06 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-17 14:07 - 2016-01-05 04:06 - 01991120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-17 14:07 - 2016-01-05 04:06 - 01270104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-17 14:07 - 2016-01-05 04:06 - 01063504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-17 14:07 - 2016-01-05 04:06 - 00119800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 02641928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 01591848 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00862056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00787720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00779928 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00772448 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00751992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 00667856 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 00249464 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00233992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-17 14:07 - 2016-01-05 04:04 - 00090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-17 14:07 - 2016-01-05 04:04 - 00083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-17 14:07 - 2016-01-05 03:59 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-01-17 14:07 - 2016-01-05 03:52 - 00441696 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-17 14:07 - 2016-01-05 03:50 - 01817064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-17 14:07 - 2016-01-05 03:50 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-17 14:07 - 2016-01-05 03:50 - 00723648 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-17 14:07 - 2016-01-05 03:50 - 00345080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-17 14:07 - 2016-01-05 03:50 - 00251544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-17 14:07 - 2016-01-05 03:50 - 00205072 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-17 14:07 - 2016-01-05 03:31 - 01365576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-17 14:07 - 2016-01-05 03:30 - 02459096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-17 14:07 - 2016-01-05 03:30 - 02162064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-17 14:07 - 2016-01-05 03:30 - 02152744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-17 14:07 - 2016-01-05 03:30 - 01106872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-17 14:07 - 2016-01-05 03:30 - 00882208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-17 14:07 - 2016-01-05 03:30 - 00368776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-17 14:07 - 2016-01-05 03:30 - 00232896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-17 14:07 - 2016-01-05 03:30 - 00100712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-17 14:07 - 2016-01-05 03:29 - 00208688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 02445128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00714808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00696192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-17 14:07 - 2016-01-05 03:28 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-17 14:07 - 2016-01-05 03:28 - 00645144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00635312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00497896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00277400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-17 14:07 - 2016-01-05 03:28 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00107952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-17 14:07 - 2016-01-05 03:28 - 00082096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-17 14:07 - 2016-01-05 03:28 - 00072808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-17 14:07 - 2016-01-05 03:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-01-17 14:07 - 2016-01-05 03:18 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-17 14:07 - 2016-01-05 03:15 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-17 14:07 - 2016-01-05 03:15 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-01-17 14:07 - 2016-01-05 03:15 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-17 14:07 - 2016-01-05 03:15 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-17 14:07 - 2016-01-05 03:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2016-01-17 14:07 - 2016-01-05 03:10 - 00305776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-17 14:07 - 2016-01-05 03:10 - 00278424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-17 14:07 - 2016-01-05 03:10 - 00188032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-17 14:07 - 2016-01-05 03:09 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-17 14:07 - 2016-01-05 03:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-17 14:07 - 2016-01-05 03:02 - 01672192 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-17 14:07 - 2016-01-05 03:02 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-17 14:07 - 2016-01-05 03:02 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-17 14:07 - 2016-01-05 03:01 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-17 14:07 - 2016-01-05 03:00 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-17 14:07 - 2016-01-05 03:00 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-17 14:07 - 2016-01-05 02:59 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-17 14:07 - 2016-01-05 02:57 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-17 14:07 - 2016-01-05 02:57 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-17 14:07 - 2016-01-05 02:57 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-17 14:07 - 2016-01-05 02:56 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-17 14:07 - 2016-01-05 02:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-17 14:07 - 2016-01-05 02:51 - 01009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-17 14:07 - 2016-01-05 02:51 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-17 14:07 - 2016-01-05 02:51 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-17 14:07 - 2016-01-05 02:51 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-17 14:07 - 2016-01-05 02:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-17 14:07 - 2016-01-05 02:44 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-17 14:07 - 2016-01-05 02:43 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-17 14:07 - 2016-01-05 02:42 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-01-17 14:07 - 2016-01-05 02:38 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2016-01-17 14:07 - 2016-01-05 02:32 - 01541632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-17 14:07 - 2016-01-05 02:32 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-17 14:07 - 2016-01-05 02:31 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-17 14:07 - 2016-01-05 02:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-17 14:07 - 2016-01-05 02:30 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-17 14:07 - 2016-01-05 02:29 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-17 14:07 - 2016-01-05 02:29 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-17 14:07 - 2016-01-05 02:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-17 14:07 - 2016-01-05 02:24 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-17 14:07 - 2016-01-05 02:20 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-17 14:07 - 2016-01-05 02:19 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-17 14:07 - 2016-01-05 02:19 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-17 14:07 - 2016-01-05 02:19 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-17 14:07 - 2016-01-05 02:19 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-17 13:19 - 2016-02-01 17:46 - 00000000 ____D C:\AdwCleaner
2016-01-17 12:56 - 2016-02-01 09:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-17 12:56 - 2016-01-17 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-17 12:56 - 2016-01-17 12:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-17 12:56 - 2016-01-17 12:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-17 12:56 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-17 12:56 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-17 12:56 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-17 11:39 - 2016-01-17 11:39 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Vorlagen
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Startmenü
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Netzwerkumgebung
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Lokale Einstellungen
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Eigene Dateien
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Druckumgebung
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Videos
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Musik
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Bilder
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Verlauf
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 _SHDL C:\Users\DefaultAppPool\Anwendungsdaten
2016-01-17 11:39 - 2016-01-17 11:39 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-17 11:39 - 2015-12-18 21:42 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\ATI
2016-01-17 11:39 - 2015-12-18 21:42 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\ATI
2016-01-17 11:39 - 2015-10-23 17:19 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-01-17 11:39 - 2015-10-23 17:19 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2016-01-15 14:29 - 2016-01-15 14:29 - 00001000 _____ C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Masterarbeit.lnk
2016-01-15 09:46 - 2016-01-15 14:29 - 00000886 _____ C:\Users\Kerstin\Desktop\Masterarbeit.lnk
2016-01-14 20:05 - 2016-01-14 20:05 - 00000000 ____D C:\Users\Kerstin\AppData\Local\Avira
2016-01-14 19:40 - 2016-01-14 19:40 - 00000000 ____D C:\Users\Kerstin\AppData\Local\AviraSpeedup
2016-01-14 17:34 - 2016-01-27 08:03 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-01-14 17:34 - 2016-01-14 17:34 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\Avira
2016-01-14 17:30 - 2015-12-03 15:24 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-01-14 17:30 - 2015-12-03 15:24 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-01-14 17:30 - 2015-12-03 15:24 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-01-14 17:30 - 2015-12-03 15:24 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-01-14 17:23 - 2016-01-14 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-01-12 17:07 - 2016-01-14 20:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-01-10 22:29 - 2016-01-19 20:55 - 00000000 ____D C:\WINDOWS\Minidump

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-01 17:27 - 2015-01-18 19:55 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-01 09:15 - 2015-01-18 15:17 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-31 13:56 - 2015-11-12 21:22 - 00000000 ____D C:\Users\Kerstin\Documents\Citavi 5
2016-01-31 10:29 - 2015-10-23 17:59 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-31 10:26 - 2015-10-30 20:27 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-31 10:08 - 2015-12-17 09:21 - 00000000 ____D C:\Users\Kerstin\Desktop\Kram
2016-01-31 09:55 - 2015-01-18 14:59 - 00000000 ____D C:\Program Files (x86)\Sony
2016-01-31 09:55 - 2015-01-18 14:38 - 00000000 ____D C:\Program Files\Sony
2016-01-31 09:54 - 2015-04-21 18:55 - 00000000 ____D C:\ProgramData\Sony
2016-01-30 19:38 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-30 18:10 - 2015-11-02 19:06 - 00002618 _____ C:\WINDOWS\System32\Tasks\avastBCLS-1-5-21-1366167738-2161922973-1286636927-1001
2016-01-30 16:58 - 2015-01-21 12:01 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\Skype
2016-01-29 21:45 - 2015-01-21 11:06 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\Dropbox
2016-01-29 18:35 - 2015-09-21 21:44 - 00000000 ____D C:\Users\Kerstin\AppData\Local\Dropbox
2016-01-29 17:55 - 2015-07-30 23:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-29 17:48 - 2015-07-30 22:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-29 17:48 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-29 12:38 - 2015-10-23 17:07 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-29 12:38 - 2015-09-10 06:10 - 00884826 _____ C:\WINDOWS\system32\perfh007.dat
2016-01-29 12:38 - 2015-09-10 06:10 - 00195924 _____ C:\WINDOWS\system32\perfc007.dat
2016-01-29 12:38 - 2015-07-30 23:40 - 00000000 ____D C:\WINDOWS\INF
2016-01-29 08:32 - 2015-01-18 19:56 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-27 20:33 - 2015-04-21 14:52 - 00000000 ____D C:\Users\Kerstin\AppData\Local\RStudio-Desktop
2016-01-27 10:10 - 2015-10-23 17:08 - 00000000 ____D C:\Users\Kerstin
2016-01-26 21:42 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\rescache
2016-01-25 14:30 - 2015-10-23 17:04 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-22 21:55 - 2015-03-07 13:20 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\CyberLink
2016-01-22 21:55 - 2015-01-18 15:22 - 00000000 ____D C:\ProgramData\CyberLink
2016-01-22 21:45 - 2015-03-07 13:20 - 00000000 ____D C:\Users\Kerstin\Documents\CyberLink
2016-01-22 21:44 - 2015-03-07 13:20 - 00000000 ____D C:\Users\Kerstin\AppData\Local\Cyberlink
2016-01-22 21:44 - 2015-01-18 14:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-22 21:42 - 2015-01-18 15:21 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-01-22 20:28 - 2015-01-18 15:21 - 00000000 ____D C:\ProgramData\Temp
2016-01-21 09:06 - 2015-10-23 17:41 - 00000000 ____D C:\Users\Kerstin\AppData\Local\Packages
2016-01-19 20:55 - 2015-10-23 17:27 - 00153072 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_9EC60124.sys
2016-01-18 08:14 - 2015-07-30 23:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-17 11:48 - 2015-07-30 22:49 - 04936160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-14 21:52 - 2015-01-18 16:03 - 00112272 _____ C:\Users\Kerstin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-14 20:59 - 2015-10-23 13:33 - 00000000 ____D C:\Program Files (x86)\MozBackup
2016-01-14 20:59 - 2015-06-02 18:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-14 20:59 - 2015-01-20 17:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-14 20:59 - 2015-01-18 21:15 - 00000000 ____D C:\Users\Kerstin\AppData\Local\CrashDumps
2016-01-14 20:58 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-01-14 17:34 - 2015-01-18 20:09 - 00000000 ____D C:\ProgramData\Avira
2016-01-14 17:34 - 2015-01-18 20:09 - 00000000 ____D C:\Program Files (x86)\Avira
2016-01-14 17:18 - 2015-01-18 21:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-14 14:00 - 2015-01-21 11:17 - 00000000 ____D C:\Users\Kerstin\AppData\Local\Amazon Music
2016-01-11 22:45 - 2015-11-12 21:22 - 00000000 ____D C:\Users\Kerstin\AppData\Roaming\Swiss Academic Software
2016-01-05 09:51 - 2015-01-23 08:59 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2016-01-03 02:40 - 2015-07-30 23:43 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-07-30 23:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-02-13 12:34 - 2015-08-31 12:11 - 0000132 _____ () C:\Users\Kerstin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-20 14:59 - 2015-01-20 14:59 - 0002880 _____ () C:\Users\Kerstin\AppData\Local\WiDiSetupLog.20150120.145917.txt

Einige Dateien in TEMP:
====================
C:\Users\Kerstin\AppData\Local\Temp\avgnt.exe
C:\Users\Kerstin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppmqosv.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-01-29 09:15

==================== Ende von FRST.txt ============================
--- --- ---

cosinus 02.02.2016 00:08
die tools bitte immer neu runterladen! adwcleaner war veraltet, bitte nochmal den 1. Schritt wiederholen

_kerstin_ 02.02.2016 08:00
AdwCleaner hat nichts gefunden:
AdwCleaner Logfile:
Code:
# AdwCleaner v5.032 - Bericht erstellt am 02/02/2016 um 07:52:36
# Aktualisiert am 31/01/2016 von Xplode
# Datenbank : 2016-01-31.1 [Server]
# Betriebssystem : Windows 10 Home  (x64)
# Benutzername : Kerstin - VAIO
# Gestartet von : D:\Downloads\AdwCleaner_5.032(1).exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [789 Bytes] ##########
--- --- ---

cosinus 02.02.2016 09:57
ok :)

Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Untersuchen klicken.

http://www.trojaner-board.de/picture...&pictureid=611

_kerstin_ 02.02.2016 10:07
Ok, hier noch die Addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-01-2016
durchgeführt von Kerstin (2016-02-02 10:04:30)
Gestartet von C:\Users\Kerstin\Desktop\Kram\Chrome Problem
Windows 10 Home (X64) (2015-10-23 16:40:50)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1366167738-2161922973-1286636927-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1366167738-2161922973-1286636927-503 - Limited - Disabled)
Gast (S-1-5-21-1366167738-2161922973-1286636927-501 - Limited - Disabled)
Kerstin (S-1-5-21-1366167738-2161922973-1286636927-1001 - Administrator - Enabled) => C:\Users\Kerstin

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Music (HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Amazon Amazon Music) (Version: 4.0.0.1205 - Amazon Services LLC)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{EBF1529E-D2D5-47CF-97EC-7D90CEF0FE04}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
ArcGIS 10.3.1 for Desktop (HKLM-x32\...\ArcGIS 10.3.1 for Desktop) (Version: 10.3.4959 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.3.1 for Desktop (x32 Version: 10.3.4959 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Editor for OpenStreetMap (HKLM-x32\...\{3B46855B-DCBA-44A1-ADB3-CC7C5D43F42D}) (Version: 10.3.0.13 - ESRI)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.457 - ArcSoft)
ASTERICS 4.0.4 (HKLM-x32\...\{F66B9ED8-DB45-4A0C-BE7B-513BE9E28226}) (Version: 4.0.4 - University Duisburg-Essen, Germany)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.135 - Atheros)
Avast Browser Cleanup (HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Avast Browser Cleanup) (Version: 10.3.2223.101 - AVAST Software)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}) (Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG) Hidden
Cinergy T Stick MKII V9.06.3.01 (HKLM-x32\...\Cinergy T Stick MKII) (Version: 9.06.3.01 - )
Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.2.0.8 - Swiss Academic Software)
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.1510.58 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.6 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Duden-Rechtschreibprüfung (HKLM-x32\...\{2085B2F0-3806-4E3C-933B-45212C1EAC80}) (Version: 9.0.0 - Bibliographisches Institut GmbH)
Echo of Soul (HKLM-x32\...\Echo of Soul) (Version:  - )
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
Java(TM) 7 Update 1 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.1.0.13300 - Sony Corporation)
Media Go (HKLM-x32\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 de)) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 de) (HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\Mozilla Thunderbird 38.5.1 (x86 de)) (Version: 38.5.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.1.01.14210 - Sony Corporation)
PlayMemories Home/PMB VAIO Edition Plug-in 3D Theme Data (x32 Version: 1.0.00.16130 - Sony Corporation) Hidden
PlayMemories Home/PMB VAIO Edition Plug-in Ver.2.2 Upgrade Program (x32 Version: 2.2.00.18250 - Sony Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PRIMER 7 (HKLM-x32\...\{392f5a02-0dd2-4ff7-a561-1b487ad88f02}) (Version: 7.0.10.0 - PRIMER-E)
PRIMER 7 (x32 Version: 7.0.10.0 - PRIMER-E) Hidden
PYV_x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Qualcomm Atheros Direct Connect (x32 Version: 3.1 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.91 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1103 - RStudio)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
TerraTec Home Cinema (HKLM-x32\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.11.5 - )
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.00.14200 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM-x32\...\InstallShield_{F9395F3D-4198-476C-8C41-63D0B5B51E35}) (Version: 2.2.00.18250 - Sony Corporation)
VAIO - Remote-Tastatur (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - TrackID™ mit BRAVIA (HKLM-x32\...\{2F41EF61-A066-4EBF-84F8-21C1B317A780}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO 3D Portal (HKLM-x32\...\{C14EAE86-C526-4E00-B245-CFF86233C3D2}) (Version: 1.2.0.10131 - Sony Corporation)
VAIO Care (HKLM\...\{934ACD4F-3E96-4B2A-96A8-158A5E057288}) (Version: 8.4.3.07161 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.1.15070 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.1.09230 - Sony Corporation)
VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.2.02090 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 1.0.0.12300 - Sony Corporation)
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.3.0.12280 - Sony Corporation)
VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.14.1.07010 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.7.1.06040 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Websuche (HKLM-x32\...\Websuche) (Version:  - Websuche)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1366167738-2161922973-1286636927-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {015FEF40-8573-45D7-B34D-AFDBE725A5DE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {063C06A6-0715-4ACD-87F9-5018279F6146} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {08057D43-183B-4199-905B-45C18EFCE7C3} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {09C2A532-A01C-4905-A148-534842351396} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2015-07-31] (Sony Corporation)
Task: {0A2E6FF8-C85C-42FE-86CA-3C18C4DA050A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {1252FBA6-8DAB-4210-993A-4B915363E354} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {1442756A-90E3-46D7-818D-010D67149C52} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {14E98FB6-2CE9-4E8B-9FB3-A044080E2CE7} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {150DB219-03FF-4132-8A79-1D767322BBC7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {15AB8188-B001-44C9-9BEE-1E14030F34C8} - System32\Tasks\Amazon Music Helper => C:\Users\Kerstin\AppData\Local\Amazon Music\Amazon Music Helper.exe [2015-12-15] ()
Task: {1A39910F-AF9F-4B94-B333-126E5B0EA980} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-29] (Dropbox, Inc.)
Task: {1A3BFEE7-CE2C-48EA-B1D5-5139A595EAE2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1FA2D1E2-4127-4606-B356-3EDCAFD3D239} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {2197BA6D-2ABF-49D8-BBE5-53D74C42A344} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {21A65CE5-AD66-4C1D-A994-3A734B60B82C} - System32\Tasks\{1D3DE915-F334-4D30-AA85-F81DCD21BB2B} => pcalua.exe -a F:\Software\Eduroam.exe -d F:\Software
Task: {303C566D-CB45-4B2B-AD63-76781350CDE4} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {32D63F3A-23D2-46D8-92D8-4CBFB9A4545A} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {337ECA33-FE29-413C-ADAE-FDE94E0FE1EC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {39194CC1-9904-4902-931F-9C5C2E89E17C} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation)
Task: {3E85CE2A-43E7-4787-BB1A-5AC85EC21ED1} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {43ED7F43-B1CE-472A-8DC0-2E536215B8CB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {460F51E9-AE60-43BB-9D94-9CA34278D33A} - \StartPoint Updater -> Keine Datei <==== ACHTUNG
Task: {47BD7B19-03B0-40A5-B9A8-B5521B958B27} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {4CD9E8E3-C9F9-4511-A777-765C8F0060BB} - System32\Tasks\{C405C04D-FD68-44BB-AB4B-98BFE4947D97} => pcalua.exe -a G:\Setup.exe -d G:\
Task: {559BE56B-1B8B-4EF4-9E39-232311BA211D} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {59355796-2A82-4620-8477-9BC1AB866D29} - System32\Tasks\{D3B63872-5F5A-4BDF-BA19-0D6712AF2FCE} => pcalua.exe -a G:\setup.exe -d G:\
Task: {5A1FBEE0-6B62-49DE-9792-89E5523E752F} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {5BF055E1-C3E3-4B62-9469-4A55E2D04675} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {5DBB02F8-DAF2-4BBD-B3DE-61885701A5B9} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {6784BF76-3714-4938-BEF8-CF25F5B90BB4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {68A809F5-1B6D-4674-8B01-DA5F5B2EE5E4} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {6A7C3105-9C0F-429C-9F3C-5A8DDB42623E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {713AABCD-DFC2-4547-AF30-9191E2A630D6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7527BC15-BBB0-4936-B647-F083512B6FAA} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)
Task: {7817A4E6-12E1-4226-B192-1B4F8F859F75} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe
Task: {7C2603AA-F632-4EE2-872E-693E476F3752} - System32\Tasks\avast! BCU UpdateS-1-5-21-1366167738-2161922973-1286636927-1001 => C:\Users\Kerstin\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {84AA4058-CC58-419B-BFE8-8B708DB5C4A2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {8612375F-7846-481F-84D6-BD27F5C1DA4D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8CDF3E22-EE5C-4BAC-99DA-B188BF4DCD39} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {9A90EB33-B5A8-4102-A1AA-5945D692D145} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {9C12BF68-355C-4A26-955B-428B02D55DA0} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {9F94A9F6-5A87-4B2C-B1A8-C7A72DED1408} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {A04D2D8E-72A6-4E4E-BEFE-713720B5E089} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {A47F0152-06A2-4059-A428-90BC800C6D60} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {A4C0D119-1EC6-4E9C-B998-BC57ABEAB733} - System32\Tasks\{20FFFD0A-7AC7-4286-9234-18E6790EDA31} => G:\Setup.exe
Task: {A650E462-2142-40D6-B3BB-146A014FD7B9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A79D3BD7-6716-4055-9D07-1221186E468F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {AD15C420-EAF0-4671-A9B9-06E7506E710E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {B31E4C6F-2F64-4EA4-94C0-D29DBC667D19} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {B4BA0949-7D77-4BD2-A0CE-1276F9C778DA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {B5465050-0846-4725-BCFD-2562FA6122DD} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B60BA25C-D5C5-4874-9715-6E45220B676B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {B919144E-C315-467D-9A48-4B9D0B99C971} - System32\Tasks\{5AD6CD0A-6B90-4C26-9F14-01B14F151621} => pcalua.exe -a H:\Software\Microsoft.Office.2007.Enterprise.SP1.DVD.GERMAN-BIE\setup.exe -d H:\Software\Microsoft.Office.2007.Enterprise.SP1.DVD.GERMAN-BIE
Task: {BA407432-8D50-418D-B692-4CB1D1545E75} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {BAB51DAD-539F-419D-ACEE-0436BB62B4DC} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation)
Task: {BD805383-06DB-4F64-9128-CE6C299B9BB0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-29] (Dropbox, Inc.)
Task: {BDCB8DC7-9FA8-431B-BBA0-3DB13B23ADBC} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {C272AC0C-B03E-49B1-96BE-118FCD606B2F} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-03-29] (Sony Corporation)
Task: {C34B2937-A578-47FF-BFBB-7CCCF9F5B6B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {C38C1DF3-CE0A-4399-AAE9-225C363B6114} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {C84CE7B0-93E2-47DC-AD7B-39246BBA599A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {CA13EC31-F387-423C-8497-1B8089341E6E} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-03-29] (Sony Corporation)
Task: {CA15B3AA-CB05-4890-A7F3-419F4B5A2FE6} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {CEF38715-F78A-4AAD-9C02-4387F0DA7FE8} - System32\Tasks\AdobeAAMUpdater-1.0-Kerstin-VAIO-Kerstin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {CF5779A1-9418-44B8-8C50-91B1D204B939} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-13] (Sony Corporation)
Task: {D0907EAE-7B5B-4A5E-8FE9-340CEB71FD2B} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)
Task: {D68B42BF-EF90-4F92-9653-7B7A20100867} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {D76D413C-B52B-42FB-8CC6-2B610D5F4ACE} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {D90EE70C-D198-4112-A8DE-5DE22AD06395} - System32\Tasks\avastBCLS-1-5-21-1366167738-2161922973-1286636927-1001 => C:\Users\Kerstin\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2015-11-09] (AVAST Software)
Task: {E02091FF-CDFB-46C7-82D9-33F1C092DE41} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG
Task: {E18B7764-D373-4A22-8CDB-2AF43CAB9959} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {E7CC161F-93C3-4369-AF25-805F0DF15CEE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {ECE59462-99F0-495C-A65F-F2FCB532BFC8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {EEC588A5-9179-41B6-AF09-186B55765252} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {F2320397-C334-49BC-8116-E2E336FE356A} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {F24ED9DA-2E87-4BD3-86D0-1DE1C2D6C90D} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-07-13] (Sony Corporation)
Task: {F6F093AA-34B2-4539-99CF-88B82FE94304} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {FE6A1582-EC96-4F68-B8A2-6CA1B1B5AF7E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {FFDDC436-AE0B-448C-B457-92FD5A19A601} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> www.startseite24.net

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-10 04:33 - 2015-07-10 04:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 06:12 - 2015-09-10 06:12 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-10 06:12 - 2015-09-10 06:12 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-01-18 14:56 - 2012-03-13 17:01 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2015-10-23 17:53 - 2015-10-23 17:53 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-23 17:53 - 2015-10-23 17:53 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-23 17:53 - 2015-10-23 17:53 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 04:13 - 2015-07-10 04:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-08 19:28 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 19:28 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 19:28 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-23 17:53 - 2015-10-23 17:53 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 04:13 - 2015-09-10 06:12 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-01-21 11:17 - 2015-12-15 01:43 - 05890368 _____ () C:\Users\Kerstin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-02-04 15:37 - 2015-02-04 15:37 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2016-01-26 19:22 - 2016-01-26 19:23 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-01-26 19:22 - 2016-01-26 19:23 - 14870016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-22 14:19 - 2015-11-22 14:19 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.122.14020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-21 09:02 - 2016-01-21 09:03 - 03563008 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.19020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 09:30 - 2015-12-15 09:31 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.19020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-01-18 15:12 - 2012-03-07 18:57 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2016-01-22 21:43 - 2015-03-19 07:46 - 00867592 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\common\UNO\UNO.dll
2016-01-22 21:43 - 2013-12-10 12:31 - 00074240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ctypes.pyd
2016-01-22 21:43 - 2013-12-10 12:31 - 00285184 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_hashlib.pyd
2016-01-22 21:43 - 2013-12-10 12:31 - 00040960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_socket.pyd
2016-01-22 21:43 - 2013-12-10 12:31 - 00721920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ssl.pyd
2015-11-10 17:14 - 2015-11-10 17:14 - 00172032 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a93f0f4ae82ff4f730dd3b3c311656bb\IsdiInterop.ni.dll
2015-01-18 14:57 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-18 14:56 - 2012-03-13 17:02 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-01-12 17:07 - 2016-01-12 17:07 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2016-01-12 17:07 - 2016-01-12 17:07 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2016-01-29 08:31 - 2016-01-27 18:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-29 08:31 - 2016-01-27 18:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
2012-08-30 11:52 - 2012-08-30 11:52 - 00472168 _____ () C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\adxloader.dll
2012-08-30 11:52 - 2012-08-30 11:52 - 00786432 _____ () C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\Interop.Access.dll
2012-08-30 11:52 - 2012-08-30 11:52 - 00950272 _____ () C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\Interop.Excel.dll
2012-08-30 11:52 - 2012-08-30 11:52 - 00065536 _____ () C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\Interop.FrontPage.dll
2012-08-30 11:52 - 2012-08-30 11:52 - 00286720 _____ () C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\Interop.Outlook.dll
2012-08-30 11:52 - 2012-08-30 11:52 - 00204800 _____ () C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\Interop.PowerPoint.dll
2012-08-30 11:52 - 2012-08-30 11:52 - 00495616 _____ () C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\Interop.Word.dll
2012-10-26 11:56 - 2012-10-26 11:56 - 00314368 _____ () C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\MBControls.dll
2012-08-30 11:52 - 2012-08-30 11:52 - 00151552 _____ () C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\Interop.Office.dll
2015-09-24 16:40 - 2015-09-24 16:40 - 00057856 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_de\brdlang32.DEU
2016-01-14 21:38 - 2016-01-14 21:38 - 09499136 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
2015-11-12 20:54 - 2015-08-13 14:08 - 03544576 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Citavi Picker\CitaviPicker.api
2016-01-14 22:45 - 2016-01-14 22:45 - 01180160 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.DEU
2016-01-14 22:45 - 2016-01-14 22:45 - 01319424 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.DEU
2016-01-14 22:45 - 2016-01-14 22:45 - 00316416 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.DEU
2016-01-14 22:44 - 2016-01-14 22:44 - 00100352 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU
2016-01-14 22:44 - 2016-01-14 22:44 - 03066880 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU
2015-09-24 16:40 - 2015-09-24 16:40 - 00305544 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2016-01-14 21:39 - 2016-01-14 21:39 - 00014336 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2015-01-30 11:37 - 00001028 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1                  activate.adobe.com
127.0.0.1                  practivate.adobe.com
127.0.0.1                  lmlicenses.wip4.adobe.com
127.0.0.1                  lm.licenses.adobe.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1366167738-2161922973-1286636927-1001\Control Panel\Desktop\\Wallpaper -> D:\Bilder\Korfu 2015\Best of\4 (136).JPG
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "ContentTransferWMDetector.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{FEB18DAC-C172-42C9-BE01-AECCBE351B95}C:\users\kerstin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\kerstin\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{BDD1B632-72C0-47A2-865B-1EEAB13CEA7D}C:\users\kerstin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\kerstin\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FB3AFA9E-6DF7-4160-8A9F-824C185367D0}C:\users\kerstin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kerstin\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{FA385E60-426F-4380-AEC7-E2DE04146EFE}C:\users\kerstin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kerstin\appdata\local\akamai\netsession_win.exe
FirewallRules: [{7761AF3E-EB48-4193-A1D3-2A919174CAC2}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{259CF2C6-F411-4907-AF79-8D805A3A6A98}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{FA859391-BDE0-4617-ADCF-5DDB24FDFFD3}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{CF6147EB-BF77-472B-8A84-495CC59EF89F}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [UDP Query User{D60C932D-C659-4FEB-A8DE-3B4AC40F7E53}C:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{9C63613F-E8E0-40C4-AA3F-BF3FF81A71B3}C:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{DB0AFDC7-5DDC-4C4C-A382-FCC93AA80689}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{64CEFCD6-74E6-4FDD-906C-4D6710C30444}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{A69B0AD0-CA37-4003-8038-40477C83243B}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{46CC4BB6-C9E5-4505-B6C3-FFD42DDAC42C}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{B61F7B8C-3D79-4AF1-99EE-94F6BC5C2532}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe
FirewallRules: [{D6B25D2E-D613-4AA0-88C4-E7FA7712F917}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe
FirewallRules: [UDP Query User{F7E15CFB-81F3-462F-B860-8D4B55069A4D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F71C91E9-951D-4671-BD70-2286B8919DA9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E80FF284-063D-4C68-9D2A-E61612429558}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{115A53EA-93D1-482C-B34E-6EACBE368A3C}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{86A73A03-F7A7-45A7-913B-2FF017DEA602}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{6405F0BC-506B-4C7B-BAD2-53B41D618F34}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{48526780-E8D0-478B-952C-5DB519AAA95E}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
FirewallRules: [{8F447791-02F9-4CBF-841A-44C3C0B91421}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B8F84441-A0A0-457E-8AD4-78EA643F4591}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{87CBF9CF-2B13-42BA-9CA9-EB28F3F98A3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{742BE255-E3EF-4E59-87D4-8D1B567C05FB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{8FA70B8C-31F1-413E-A638-ACCAF092057C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3DF28D09-AD7E-41FE-A77E-67FD30125758}] => (Allow) LPort=1900
FirewallRules: [{2A5B6337-4343-41B6-A0DE-A4C244E2DFDF}] => (Allow) LPort=2869
FirewallRules: [{F027C7F6-82A6-4378-9CF5-5A5B78AB878E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5BBB7283-42EE-485A-983F-EDF7400357BF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{D54C0A26-F8F3-455E-B5CC-6B42213FA416}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{F44742A4-7B5D-460F-B36B-807BBE6E501D}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{C76FBEF9-563F-4255-B83C-645AFA579FEA}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{19FD6C30-4599-4011-AE89-0AE62AB209C8}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{C66CC04D-EDBF-4151-B9CF-7591C615239D}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{479CD170-2B32-45E9-BC2E-16402BC8EDCE}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{AC50747C-D475-45D1-A9A8-102162088DA9}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{C0A58A64-6070-465F-A5B2-3166B2041BE2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{006A772F-A41D-4DEE-82E3-6548A3F46F04}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{E85E7530-705F-4070-89C9-656DB2979578}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{30EFC8BD-6D5E-495F-ADD7-68ADF53340A8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{E397CB1C-C2A1-4645-9E89-CE0B0C063A3A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{3BA930FC-18D6-43DB-A2FE-6CEE95A506F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2CFBE66F-F641-49FB-B62B-A96327711D33}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe] => Enabled:TriDef 3D Media Player

==================== Wiederherstellungspunkte =========================

22-01-2016 20:27:09 Installiert PowerDVD
25-01-2016 14:30:17 PRIMER 7
01-02-2016 17:52:21 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/02/2016 07:54:07 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (02/02/2016 07:54:07 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (02/02/2016 07:54:07 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (02/02/2016 07:54:07 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (02/02/2016 07:54:07 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (02/02/2016 07:54:07 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (02/02/2016 07:52:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/01/2016 11:31:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/01/2016 11:31:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/01/2016 11:31:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (02/02/2016 07:54:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/02/2016 07:52:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/02/2016 07:52:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/02/2016 07:52:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/02/2016 07:52:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/02/2016 07:52:38 AM) (Source: DCOM) (EventID: 10010) (User: VAIO)
Description: App

Error: (02/02/2016 07:52:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/02/2016 07:52:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VCService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/02/2016 07:52:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) System Behavior Tracker Collector Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/02/2016 07:52:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Energy Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2016-02-02 08:53:50.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-02 08:53:50.625
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-02 08:53:50.610
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-02 08:53:50.593
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-02 08:53:50.162
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-02 08:53:50.147
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-02 08:53:49.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-02 08:53:49.904
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-02 08:53:49.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-02 08:53:49.797
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 40%
Installierter physikalischer RAM: 8162.36 MB
Verfügbarer physikalischer RAM: 4863.45 MB
Summe virtueller Speicher: 16354.36 MB
Verfügbarer virtueller Speicher: 12101.48 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:150 GB) (Free:60.72 GB) NTFS
Drive d: () (Fixed) (Total:298.69 GB) (Free:107.82 GB) NTFS
Drive f: (AMY) (Removable) (Total:57.82 GB) (Free:41.06 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 946CD195)
Partition 1: (Not Active) - (Size=16.7 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=298.7 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 57.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:02 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20