Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mail & Media AG Email -> zip geöffnet -> Trojaner im Online Banking? (https://www.trojaner-board.de/178005-mail-media-ag-email-zip-geoeffnet-trojaner-online-banking.html)

jobi2122 26.04.2016 18:19
ich wollte nur bescheid geben, dass ich für 2 Wochen nicht erreichbar bin.

Ist das Problem nun behoben?

LG

cosinus 27.04.2016 09:44
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

http://www.trojaner-board.de/picture...&pictureid=611

jobi2122 11.05.2016 10:02
so bin nun wieder erreichbar

hier die FRST:


FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Gerhard (Administrator) auf GERHARD-PC (11-05-2016 10:45:42)
Gestartet von C:\Users\Administrator\Desktop
Geladene Profile: Gerhard (Verfügbare Profile: Gerhard)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(TeamViewer GmbH) C:\Users\Administrator\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Service_2016-04-21-18-34-12.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(TeamViewer GmbH) C:\Users\Administrator\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Administrator\AppData\Local\Temp\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Users\Administrator\AppData\Local\Temp\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\Temp\4204A68B-EA3F-482E-827A-EE41F10FB437\DismHost.exe
(TeamViewer GmbH) C:\Users\Administrator\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-11-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11046504 2010-07-14] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [HP LJ300-400 color MFP M375-M475 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-05-06] (Hewlett-Packard Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [BePCSC] => C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe [130560 2010-07-06] ()
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [136760 2011-07-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe
HKLM-x32\...\Run: [ADSMTray] => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952 2009-06-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [Dropbox Update] => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-18] (Dropbox, Inc.)
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-02-13] (Google Inc.)
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [snubber-91] => C:\ProgramData\snubber-9\snubber-7.exe [799296 2016-04-21] ()
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\RunOnce: [inverter-8] => C:\Users\Administrator\AppData\Roaming\inverter-01\inverter-42.exe [879104 2016-04-21] ()
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Winlogon: [Shell] C:\ProgramData\hotswap-93\hotswap-1.exe -mt,explorer.exe <==== ACHTUNG
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-09-04]
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pressure-4.lnk [2016-04-21]
ShortcutTarget: pressure-4.lnk -> C:\Users\Administrator\AppData\Roaming\pressure-56\pressure-4.exe (Accmeware Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d7e12351-98a7-4bb9-a8c9-4ed95e6e835d}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e745f5c5-1c2f-459b-82bf-1668a547eab4}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-2644038190-2686571229-67561758-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_de_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_0_1201_1401_20160210_DE_ie_sp_
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2644038190-2686571229-67561758-500 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_de_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_0_1201_1401_20160210_DE_ie_ds_&tag=bds-p10-serp-de-ie-21&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2644038190-2686571229-67561758-500 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_de_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_0_1201_1401_20160210_DE_ie_ds_&tag=bds-p10-serp-de-ie-21&query={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-28] (Oracle Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Keine Datei]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin HKU\S-1-5-21-2644038190-2686571229-67561758-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-2644038190-2686571229-67561758-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-13] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-13]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-13]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-13]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-13]
CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-13]
CHR Extension: (Google Tabellen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-13]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-13]
StartMenuInternet: Google Chrome.TXKAABCIGSADGJW74L3ITIXXME - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [Datei ist nicht signiert]
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-09-10] (Broadcom Corporation.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11127016 2016-02-12] (DisplayLink Corp.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-11-02] (ELAN Microelectronics Corp.)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [162816 2011-07-08] (HP) [Datei ist nicht signiert]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S4 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1558016 2010-03-31] (Wave Systems Corp.) [Datei ist nicht signiert]
S3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 TeamViewer9; c:\Users\Administrator\AppData\Local\Temp\teamviewer\Version9\TeamViewer_Service.exe [4382992 2014-09-12] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-09-10] (Broadcom Corporation.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.1488.0.sys [67344 2016-03-09] ()
S3 EmvScard; C:\Windows\system32\DRIVERS\EmvScard.sys [30208 2010-07-06] (Alcor Micro, Corp.) [Datei ist nicht signiert]
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [49584 2016-04-19] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [15416 2009-07-21] ( )
S3 LAN9500; C:\Windows\System32\drivers\lan9500-x64-n630f.sys [95712 2015-06-16] (SMSC)
R3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [60072 2015-09-10] (Generic)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [305744 2010-07-07] (Wave Systems Corp.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-21 18:42 - 2016-04-21 18:42 - 00001735 _____ C:\Users\Administrator\Desktop\JRT.txt
2016-04-21 18:36 - 2016-04-21 18:37 - 01610352 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2016-04-21 17:13 - 2016-04-21 17:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-21 16:38 - 2016-04-21 18:30 - 00000000 ____D C:\AdwCleaner
2016-04-21 16:37 - 2016-04-21 16:38 - 03683904 _____ C:\Users\Administrator\Desktop\AdwCleaner_5.112.exe
2016-04-21 13:30 - 2016-04-21 13:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\pressure-56
2016-04-21 13:27 - 2016-04-21 13:27 - 00000000 ____D C:\ProgramData\hotswap-93
2016-04-21 12:43 - 2016-05-11 10:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\inverter-01
2016-04-21 12:06 - 2016-04-21 12:06 - 00000000 ____D C:\ProgramData\snubber-9
2016-04-20 13:29 - 2016-04-21 12:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-20 13:29 - 2016-04-21 11:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-20 13:29 - 2016-04-20 13:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-20 13:28 - 2016-04-21 12:08 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2016-04-20 13:28 - 2016-04-21 10:59 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-20 13:27 - 2016-04-20 13:28 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.09.3.1001.exe
2016-04-20 13:01 - 2016-04-20 13:02 - 00057467 _____ C:\Users\Administrator\Desktop\Addition.txt
2016-04-20 12:59 - 2016-05-11 10:45 - 00024252 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-04-20 12:33 - 2016-04-20 12:33 - 00000000 ____D C:\Users\Administrator\Desktop\alt
2016-04-20 12:00 - 2016-04-20 12:03 - 00000000 ____D C:\Users\Administrator\Desktop\ramsch
2016-04-20 11:46 - 2016-04-20 11:46 - 00059017 _____ C:\Users\Administrator\Desktop\2. post.txt
2016-04-20 11:28 - 2016-05-11 10:45 - 00000000 ____D C:\FRST
2016-04-20 11:26 - 2016-04-20 11:28 - 02375680 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2016-04-19 11:58 - 2016-04-19 11:58 - 00001178 _____ C:\WINDOWS\system32\.crusader
2016-04-19 10:55 - 2016-04-19 12:02 - 00049584 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-04-19 10:54 - 2016-04-19 12:01 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-19 10:54 - 2016-04-19 10:54 - 11441744 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\hitmanpro_x64.exe
2016-04-19 10:33 - 2016-04-19 10:34 - 07103256 _____ (TeamViewer) C:\Users\Administrator\Downloads\TeamViewerQS_de-jfa.exe
2016-04-18 17:36 - 2016-04-18 17:50 - 00000000 ____D C:\ProgramData\xq
2016-04-18 09:16 - 2016-04-18 09:16 - 00099037 _____ C:\Users\Administrator\Downloads\c8318b81-61c8-4ecc-aef6-7a38216c7f12.pdf
2016-04-18 09:16 - 2016-04-18 09:16 - 00099037 _____ C:\Users\Administrator\Downloads\c8318b81-61c8-4ecc-aef6-7a38216c7f12 (1).pdf
2016-04-18 09:10 - 2016-04-18 09:10 - 00001214 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500Core1d199416bd8b8fb.job
2016-04-15 17:30 - 2016-04-15 17:30 - 00208048 _____ C:\Users\Administrator\Downloads\X32142_20160425__X32142_20160425__X32143_20160510__X32143_20160510 (1).pdf
2016-04-15 17:29 - 2016-04-15 17:29 - 00208048 _____ C:\Users\Administrator\Downloads\X32142_20160425__X32142_20160425__X32143_20160510__X32143_20160510.pdf
2016-04-13 16:29 - 2016-03-29 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 16:29 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 16:29 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 16:29 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 16:29 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 16:29 - 2016-03-29 08:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 16:29 - 2016-03-29 08:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 16:29 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 16:29 - 2016-03-29 07:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 16:29 - 2016-03-29 07:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 16:28 - 2016-04-02 05:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 16:28 - 2016-04-02 05:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 16:28 - 2016-04-02 05:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 16:28 - 2016-04-02 05:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 16:28 - 2016-04-02 05:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 16:28 - 2016-04-02 05:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 16:28 - 2016-04-02 05:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 16:28 - 2016-04-02 05:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 16:28 - 2016-04-02 05:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 16:28 - 2016-03-29 12:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 16:28 - 2016-03-29 12:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 16:28 - 2016-03-29 12:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 16:28 - 2016-03-29 12:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 16:28 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 16:28 - 2016-03-29 12:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 16:28 - 2016-03-29 12:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 16:28 - 2016-03-29 12:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 16:28 - 2016-03-29 11:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 16:28 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 16:28 - 2016-03-29 11:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 16:28 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 16:28 - 2016-03-29 11:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 16:28 - 2016-03-29 10:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 16:28 - 2016-03-29 10:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 16:28 - 2016-03-29 10:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 16:28 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 16:28 - 2016-03-29 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 16:28 - 2016-03-29 09:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 16:28 - 2016-03-29 09:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 16:28 - 2016-03-29 09:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 16:28 - 2016-03-29 09:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 16:28 - 2016-03-29 09:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 16:28 - 2016-03-29 09:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 16:28 - 2016-03-29 09:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 16:28 - 2016-03-29 09:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 16:28 - 2016-03-29 09:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 16:28 - 2016-03-29 09:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 16:28 - 2016-03-29 09:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 16:28 - 2016-03-29 09:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 16:28 - 2016-03-29 09:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 16:28 - 2016-03-29 09:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 16:28 - 2016-03-29 09:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 16:28 - 2016-03-29 09:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 16:28 - 2016-03-29 09:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 16:28 - 2016-03-29 09:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 16:28 - 2016-03-29 08:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 16:28 - 2016-03-29 08:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 16:28 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 16:28 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 16:28 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 16:28 - 2016-03-29 08:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 16:28 - 2016-03-29 08:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 16:28 - 2016-03-29 08:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 16:28 - 2016-03-29 08:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 16:28 - 2016-03-29 08:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 16:28 - 2016-03-29 08:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 16:28 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 16:28 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 16:28 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 16:28 - 2016-03-29 08:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 16:28 - 2016-03-29 08:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 16:28 - 2016-03-29 08:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 16:28 - 2016-03-29 08:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 16:28 - 2016-03-29 08:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 16:28 - 2016-03-29 08:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 16:28 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 16:28 - 2016-03-29 07:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 16:28 - 2016-03-29 07:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 16:28 - 2016-03-29 07:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 16:28 - 2016-03-29 07:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 16:28 - 2016-03-29 07:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 16:28 - 2016-03-29 07:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 16:28 - 2016-03-29 07:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 16:28 - 2016-03-29 07:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 16:28 - 2016-03-29 07:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 16:28 - 2016-03-29 07:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 16:28 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 16:28 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 16:28 - 2016-03-29 07:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 16:28 - 2016-03-29 07:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 16:28 - 2016-03-29 07:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 16:27 - 2016-04-02 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 16:27 - 2016-04-02 06:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 16:27 - 2016-04-02 06:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 16:27 - 2016-04-02 06:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 16:27 - 2016-04-02 05:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 16:27 - 2016-04-02 05:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 16:27 - 2016-04-02 05:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 16:27 - 2016-04-02 05:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 16:27 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 16:27 - 2016-04-02 05:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 16:27 - 2016-04-02 05:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 16:27 - 2016-04-02 05:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 16:27 - 2016-04-02 05:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 16:27 - 2016-04-02 05:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 16:27 - 2016-03-29 12:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 16:27 - 2016-03-29 12:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 16:27 - 2016-03-29 12:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 16:27 - 2016-03-29 12:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 16:27 - 2016-03-29 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 16:27 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 16:27 - 2016-03-29 11:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 16:27 - 2016-03-29 11:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 16:27 - 2016-03-29 11:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 16:27 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 16:27 - 2016-03-29 11:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 16:27 - 2016-03-29 11:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 16:27 - 2016-03-29 11:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 16:27 - 2016-03-29 11:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 16:27 - 2016-03-29 11:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 16:27 - 2016-03-29 11:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 16:27 - 2016-03-29 11:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 16:27 - 2016-03-29 11:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 16:27 - 2016-03-29 10:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 16:27 - 2016-03-29 10:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 16:27 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 16:27 - 2016-03-29 10:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 16:27 - 2016-03-29 10:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 16:27 - 2016-03-29 10:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 16:27 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 16:27 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 16:27 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 16:27 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 16:27 - 2016-03-29 10:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 16:27 - 2016-03-29 10:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 16:27 - 2016-03-29 10:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 16:27 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 16:27 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 16:27 - 2016-03-29 10:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 16:27 - 2016-03-29 10:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 16:27 - 2016-03-29 10:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 16:27 - 2016-03-29 10:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 16:27 - 2016-03-29 10:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 16:27 - 2016-03-29 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 16:27 - 2016-03-29 10:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 16:27 - 2016-03-29 09:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 16:27 - 2016-03-29 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 16:27 - 2016-03-29 09:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 16:27 - 2016-03-29 09:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 16:27 - 2016-03-29 09:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 16:27 - 2016-03-29 09:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 16:27 - 2016-03-29 09:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 16:27 - 2016-03-29 09:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 16:27 - 2016-03-29 09:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 16:27 - 2016-03-29 09:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-13 16:27 - 2016-03-29 09:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 16:27 - 2016-03-29 09:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 16:27 - 2016-03-29 09:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-13 16:27 - 2016-03-29 09:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 16:27 - 2016-03-29 09:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 16:27 - 2016-03-29 09:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 16:27 - 2016-03-29 09:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 16:27 - 2016-03-29 09:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 16:27 - 2016-03-29 09:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 16:27 - 2016-03-29 09:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 16:27 - 2016-03-29 09:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 16:27 - 2016-03-29 09:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 16:27 - 2016-03-29 09:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 16:27 - 2016-03-29 09:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 16:27 - 2016-03-29 09:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 16:27 - 2016-03-29 09:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 16:27 - 2016-03-29 09:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 16:27 - 2016-03-29 09:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 16:27 - 2016-03-29 09:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 16:27 - 2016-03-29 09:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 16:27 - 2016-03-29 09:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 16:27 - 2016-03-29 09:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 16:27 - 2016-03-29 09:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 16:27 - 2016-03-29 09:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 16:27 - 2016-03-29 09:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 16:27 - 2016-03-29 09:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 16:27 - 2016-03-29 09:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 16:27 - 2016-03-29 09:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 16:27 - 2016-03-29 09:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 16:27 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 16:27 - 2016-03-29 09:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 16:27 - 2016-03-29 09:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 16:27 - 2016-03-29 09:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 16:27 - 2016-03-29 09:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 16:27 - 2016-03-29 09:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 16:27 - 2016-03-29 09:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 16:27 - 2016-03-29 09:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 16:27 - 2016-03-29 09:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 16:27 - 2016-03-29 09:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 16:27 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 16:27 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 16:27 - 2016-03-29 09:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 16:27 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 16:27 - 2016-03-29 09:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 16:27 - 2016-03-29 09:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 16:27 - 2016-03-29 09:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 16:27 - 2016-03-29 09:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 16:27 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 16:27 - 2016-03-29 09:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 16:27 - 2016-03-29 09:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 16:27 - 2016-03-29 09:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 16:27 - 2016-03-29 09:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 16:27 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 16:27 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 16:27 - 2016-03-29 09:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 16:27 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 16:27 - 2016-03-29 09:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 16:27 - 2016-03-29 09:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 16:27 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 16:27 - 2016-03-29 09:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 16:27 - 2016-03-29 09:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 16:27 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 16:27 - 2016-03-29 09:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 16:27 - 2016-03-29 09:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 16:27 - 2016-03-29 09:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 16:27 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 16:27 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 16:27 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 16:27 - 2016-03-29 09:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 16:27 - 2016-03-29 09:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 16:27 - 2016-03-29 09:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 16:27 - 2016-03-29 09:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 16:27 - 2016-03-29 08:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 16:27 - 2016-03-29 08:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 16:27 - 2016-03-29 08:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 16:27 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 16:27 - 2016-03-29 08:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 16:27 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 16:27 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 16:27 - 2016-03-29 08:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 16:27 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 16:27 - 2016-03-29 08:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 16:27 - 2016-03-29 08:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 16:27 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 16:27 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 16:27 - 2016-03-29 08:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 16:27 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 16:27 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 16:27 - 2016-03-29 08:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 16:27 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 16:27 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 16:27 - 2016-03-29 08:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 16:27 - 2016-03-29 08:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 16:27 - 2016-03-29 08:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 16:27 - 2016-03-29 08:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 16:27 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 16:27 - 2016-03-29 08:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 16:27 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 16:27 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 16:27 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 16:27 - 2016-03-29 08:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 16:27 - 2016-03-29 08:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 16:27 - 2016-03-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 16:27 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 16:27 - 2016-03-29 08:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 16:27 - 2016-03-29 08:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 16:27 - 2016-03-29 08:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 16:27 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 16:27 - 2016-03-29 08:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 16:27 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 16:27 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 16:27 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 16:27 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 16:27 - 2016-03-29 08:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 16:27 - 2016-03-29 08:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 16:27 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 16:27 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 16:27 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 16:27 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 16:27 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 16:27 - 2016-03-29 08:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 16:27 - 2016-03-29 08:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 16:27 - 2016-03-29 08:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 16:27 - 2016-03-29 08:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 16:27 - 2016-03-29 08:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 16:27 - 2016-03-29 07:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 16:27 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 16:27 - 2016-03-29 07:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 16:27 - 2016-03-29 07:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 16:27 - 2016-03-29 07:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 16:27 - 2016-03-29 07:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 16:27 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 16:27 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 16:27 - 2016-03-29 07:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-11 10:47 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-11 10:45 - 2015-12-05 06:22 - 02093950 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-11 10:45 - 2015-10-30 20:35 - 00892760 _____ C:\WINDOWS\system32\perfh007.dat
2016-05-11 10:45 - 2015-10-30 20:35 - 00198308 _____ C:\WINDOWS\system32\perfc007.dat
2016-05-11 10:45 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-11 10:45 - 2015-09-10 22:24 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{90A90AAA-6423-4099-9395-1F329D06981B}
2016-04-22 09:57 - 2012-12-17 21:50 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-21 19:13 - 2015-06-16 20:03 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500UA.job
2016-04-21 19:05 - 2012-01-14 05:28 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-21 18:35 - 2012-01-14 05:28 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-21 18:34 - 2015-06-30 21:08 - 00000000 ___RD C:\Users\Administrator\iCloudDrive
2016-04-21 18:32 - 2015-12-05 06:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-21 18:32 - 2015-10-30 08:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-21 17:13 - 2012-09-17 22:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dropbox
2016-04-21 07:59 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-20 21:24 - 2014-08-06 09:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-20 21:24 - 2012-12-17 21:55 - 00000000 ____D C:\ProgramData\Avira
2016-04-20 21:24 - 2012-12-17 21:55 - 00000000 ____D C:\Program Files (x86)\Avira
2016-04-20 21:18 - 2012-12-17 22:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2016-04-20 12:54 - 2015-12-05 06:14 - 00337344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-20 12:32 - 2013-04-01 09:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-20 12:28 - 2012-01-14 05:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-20 12:27 - 2015-12-05 06:00 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-20 12:27 - 2015-10-30 20:47 - 00000000 ____D C:\WINDOWS\ShellNew
2016-04-20 12:24 - 2009-07-14 04:34 - 00000387 _____ C:\WINDOWS\win.ini
2016-04-20 12:23 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-20 12:20 - 2014-12-27 15:59 - 00000000 ____D C:\Program Files\Adobe
2016-04-19 12:01 - 2015-12-05 06:24 - 00000000 ____D C:\Users\Administrator
2016-04-19 10:34 - 2014-09-30 20:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer
2016-04-19 10:31 - 2015-06-16 20:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2016-04-18 10:53 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-15 17:04 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-04-14 03:32 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 03:32 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 03:32 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 03:32 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 19:01 - 2012-09-17 21:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2016-04-13 16:55 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 16:51 - 2013-08-06 18:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 16:45 - 2013-04-02 13:02 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 16:32 - 2015-09-10 18:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-04-12 09:36 - 2016-02-13 19:25 - 00002499 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 09:36 - 2016-02-13 19:25 - 00002491 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-04-01 09:29 - 2006-06-02 14:27 - 0017542 _____ () C:\Program Files\Common Files\Net4Switch.ico
2007-06-12 10:34 - 2007-06-12 10:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 09:35 - 2008-05-22 09:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 11:31 - 2009-04-08 11:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-11 22:45 - 2008-08-11 22:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2013-04-01 09:29 - 2006-06-02 14:27 - 0017542 _____ () C:\Program Files (x86)\Common Files\Net4Switch.ico
2016-02-16 16:58 - 2016-02-16 16:58 - 0004096 ____H () C:\Users\Administrator\AppData\Local\keyfile3.drm
2012-09-18 13:12 - 2012-09-18 13:12 - 0007606 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2014-01-05 17:48 - 2014-01-05 17:48 - 0000088 ____H () C:\ProgramData\aspg.dat
2012-01-14 05:40 - 2010-07-07 02:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2012-01-14 05:26 - 2012-01-14 05:27 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-01-14 05:26 - 2012-01-14 05:26 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\aspg.dat


Einige Dateien in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg921ym.dll
C:\Users\Administrator\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\libeay32.dll
C:\Users\Administrator\AppData\Local\Temp\msvcr120.dll
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-20 14:33

==================== Ende von FRST.txt ============================
--- --- ---

jobi2122 11.05.2016 10:03
und hier die addition

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Gerhard (2016-05-11 10:48:44)
Gestartet von C:\Users\Administrator\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-05 04:48:35)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

DefaultAccount (S-1-5-21-2644038190-2686571229-67561758-503 - Limited - Disabled)
Gast (S-1-5-21-2644038190-2686571229-67561758-501 - Limited - Disabled)
Gerhard (S-1-5-21-2644038190-2686571229-67561758-500 - Administrator - Enabled) => C:\Users\Administrator

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.44.0 - Alcor Micro Corp.)
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon) <==== ACHTUNG
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM-x32\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version: 6.1.8.146 - ArcSoft)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0006 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0006 - ASUS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{5346695A-EC06-45D4-8ACE-4E889A6D5289}) (Version: 7.9.1488.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{A744DD78-EF5D-4DC4-B58B-5C69A0A1811A}) (Version: 7.3.48949.0 - DisplayLink Corp.)
Document Manager Lite (Version: 06.10.00.026 - Wave Systems Corp.) Hidden
Document Manager Lite (x32 Version:  - ) Hidden
Dropbox (HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
ELAN Touchpad 15.9.6.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.9.6.1 - ELAN Microelectronic Corp.)
EMBASSY Security Center Lite (Version: 04.01.00.055 - Wave Systems Corp) Hidden
EMBASSY Security Center Lite (x32 Version:  - ) Hidden
EMBASSY Security Setup (Version: 04.01.00.055 - Wave Systems Corp) Hidden
EMBASSY Security Setup (x32 Version:  - ) Hidden
Embassy Trust Suite - Asus Edition (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 02.05.02.019 - Wave Systems Corp)
ESC Home Page Plugin (Version: 04.01.00.014 - Wave Systems Corp) Hidden
ESC Home Page Plugin (x32 Version:  - ) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP LJ300-400 color MFP M375-M475 (HKLM-x32\...\{9D1DE902-8058-4555-A16A-FBFAA49587DB}) (Version:  - Hewlett-Packard)
HP LJ300-400 color MFP M375-M475 Fax (HKLM-x32\...\{F284FAB3-7B91-499F-856A-1A8BF7649D8D}) (Version: 24.0.0.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 001.001.05133 - Hewlett-Packard) Hidden
hpbM375M475DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI (HKLM-x32\...\{72A474E0-5AA3-4EDD-8FAA-D87CB2FD0654}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 1.02.0014 - HP) Hidden
HPLJUTM375-M475 (x32 Version: 1.02.0013 - HP) Hidden
hppFaxDrvM375M475 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.022.00806 - Hewlett-Packard) Hidden
hppM375_M475LaserJetService (x32 Version: 005.020.00094 - Hewlett-Packard) Hidden
hppSendFaxM375M475 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppToolboxProxyM375 (x32 Version: 020.021.004 - HP) Hidden
hpStatusAlerts (x32 Version: 020.025.1119 - Hewlett Packard) Hidden
hpStatusAlertsM375_M475 (x32 Version: 020.023.01805 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
InstanceFinder (x32 Version: 020.021.004 - HP) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kensington Office Dock (HKLM\...\{A0239037-2BB4-4EB9-864A-281797A50D24}) (Version: 6.1.35912.0 - Kensington Computer Products Group)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NB Probe (HKLM-x32\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version:  - )
Net4Switch (HKLM-x32\...\{9D6D7811-43B3-463C-BC79-5D1755269989}) (Version: 1.00.0020 - ASUS)
OVTScanner_Vista64 (HKLM-x32\...\{AE09704D-9051-4C25-B940-77F889F0C93F}) (Version: 1.00.0000 - OVT)
Preboot Manager (Version: 03.01.00.149 - Wave Systems Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6156 - Realtek Semiconductor Corp.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.6 - ASUS)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartCard Reader Driver Installation (HKLM-x32\...\EmvSCard) (Version: 1.8.1220.12 - Alcor Micro,Corp.)
SmartCard Reader Driver Installation (x32 Version: 1.8.1220.12 - Alcor Micro,Corp.) Hidden
SmartTools Office DDE-Fix (HKLM-x32\...\SmartTools PublishingOffice DDE-Fixv1.20) (Version: v1.20 - SmartTools Publishing)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
ToolboxProxy (x32 Version: 020.023.005 - HP) Hidden
Validity Sensors PBA DDK (HKLM\...\{1858AED4-8D6A-40D2-BAC5-BA6F10DFE056}) (Version: 4.1.316.0 - Validity Sensors, Inc.)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Wave Infrastructure Installer (Version: 07.65.30.0046 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.11.00.051 - Wave Systems Corp) Hidden
Wave Support Software (x32 Version:  - ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403) (HKLM\...\F9FD5BBF579A4BFD40D38BE291F731666B27DC28) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (06/11/2009 6.2.0.9500) (HKLM\...\0E74EB10C05C955C24243E6D3120CDC972FC5B1D) (Version: 06/11/2009 6.2.0.9500 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.2 - ASUS)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01CEAF64-CE8A-48A2-8A5B-83A290ABEBCB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {1B22D1AF-C381-4BC3-ACA7-42D2FA9E8FDA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1CD17094-0524-45F8-953B-7B2C3626C0E7} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-05-28] (ATK)
Task: {25D8FD54-AB49-41AD-90A9-4723964E4814} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {268B0B51-046F-4891-8FB1-CDCE6BE7E974} - System32\Tasks\{AB7EEF8E-1C2E-4889-B84B-589E7046B020} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
Task: {26BFE618-2A22-4DE0-982E-BE2223983411} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2010-05-12] ()
Task: {28EAFF5D-BD4B-4905-A672-587481956B42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2C97B89E-D8AA-4F92-BBF9-70770CEA060E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {2D3E19AC-1E45-4E8F-9A08-7EEA25A25E6B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {444F243F-2D4C-4A2E-9B96-E0FCC3C1C7F0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {4BDFCE52-C808-4737-986D-9ECD1E8AC559} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {514C7F94-2F4A-4BCC-93A0-6BC66A9B621E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-20] (Oracle Corporation)
Task: {5407258E-55B5-42C2-BA2B-6D14A2993624} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {5714D371-1AB7-446D-B2C5-0F179C2CC967} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {573C295C-61F2-499C-A44B-3BCCF896C9E1} - System32\Tasks\{C9C09D3A-FD1D-4594-912C-57E800C56817} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Task: {615DE480-C4CD-4008-9A56-09BC9F351C25} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {6369A2A1-BF63-4A58-B691-C453A8FC5633} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {63E24031-D4E2-4A7C-A155-3B36B0138678} - System32\Tasks\{108C5CB6-A0C0-4901-9ACC-45B6FAC27EA8} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Task: {68D12659-804F-4468-8553-8DB889E87D3A} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {6980B2B6-816E-44AD-B0CA-3C1CD1FBFB1B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {72E77CEC-9110-4301-8A85-6A0D493739E2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {77657F50-9813-4BB8-B5E8-C93C318A553D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {7B139354-2BED-4879-8E24-AE3576F855AA} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {7C0DAC6D-CD62-4C39-AA98-74C280527F7E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {7E431463-7B2F-4DA2-98A2-8030BE8B5E41} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500UA => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-04-18] (Dropbox, Inc.)
Task: {84A7A949-4BE4-454A-9C40-C3ADFCA7264B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8C20687D-61E7-4EC4-A2C5-E7200EF9B937} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {939625EB-478B-414E-843A-D297AC34FE72} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {95130C98-AD4D-46C0-A7EB-B0994F92C133} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {95B1839A-7F5F-4003-AE35-85C6E16B634D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {95FE939A-B728-4DF3-BD1A-D255CBC61618} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {98D803DB-2ECE-46D3-8080-1EFEF05A627F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {9E75445C-E131-4C89-ADAE-FC986BC568B0} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {A8E0D983-6D1A-4D1D-879E-0EFC34C860F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {AC155BD6-A2EE-4254-AEC0-7FD9CEE82ECA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B1FF92EB-5C34-427B-AD8F-5492187655FF} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2011-05-03] (Hewlett Packard)
Task: {B22D48A6-8DE0-4C7F-AC13-C9E1D2E6859A} - System32\Tasks\{308AAF61-7C61-4DE8-964D-0D88E25EF86D} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Task: {B2A26076-47C3-4E49-8968-2B1CFF7DF304} - System32\Tasks\{BBC67C3D-86BA-456C-AA64-A5CAC48A33D3} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Task: {B319FE70-C7A7-4F0C-B693-F84015D8B1F1} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {B336544B-958F-4628-B83F-590D1D00F1C0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {B8C8E244-7EA3-49CB-A5CC-8CA18210379E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BE863B77-773B-4017-9F5B-DA052BF78A3B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {BF91D213-3EC5-43C4-A55D-B71B1BB115B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {C06D00A4-662F-4CC1-BDC9-A324694B47AD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {C14C060B-AFBC-4AB3-9BBC-251642336147} - System32\Tasks\Google Updater and Installer => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-13] (Google Inc.)
Task: {CA5443C1-02D8-4298-9BF9-B4ABDFE6B61F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {CF77F960-7E79-44F3-8579-DCFBF3751B04} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {D2A5A1FB-0557-4135-ADBB-DE71848BFB58} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DDBFF1DE-6BE7-45F9-82A9-4B1563490BFF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {E37E693E-65CB-42A0-B445-9DE86626E55B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {F1C6476A-95E1-48D7-9689-054A0A3CCCBC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {F4FB54C8-51B9-4A81-9244-3356CF39A101} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {F9EAD1BE-75B3-4774-9946-095A0C641FDD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500Core1d199416bd8b8fb.job => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500UA.job => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500Core1d1668364fc4b9f.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500Core1d16685343da637.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 16:28 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 16:28 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2007-06-15 10:28 - 2007-06-15 10:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 16:52 - 2007-06-01 16:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2010-07-07 20:19 - 2010-07-07 20:19 - 00299520 _____ () C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll
2010-07-07 20:17 - 2010-07-07 20:17 - 00278016 _____ () C:\WINDOWS\SYSTEM32\wxvault.dll
2016-02-12 17:20 - 2016-02-12 17:20 - 01652456 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2015-12-18 10:25 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 16:27 - 2016-04-02 05:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 16:28 - 2016-04-02 05:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 16:27 - 2016-04-02 04:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 16:28 - 2016-04-02 04:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 16:28 - 2016-04-02 05:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-29 14:18 - 2016-03-29 14:18 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 14:18 - 2016-03-29 14:18 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-06 16:04 - 2016-03-06 16:06 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-19 10:33 - 2016-04-19 10:34 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-04-19 10:33 - 2016-04-19 10:34 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:33 - 2016-04-19 10:34 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\amazon.de -> hxxps://amazon.de
IE trusted site: HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\amazon.de -> hxxps://amazon.de

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-04-20 12:51 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun                                                                                                                                                                                                         
MSCONFIG\startupreg: EmbassySecurityCheck => "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"                                                                                                                                                                                   
MSCONFIG\startupreg: Google Update => "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: WavXMgr => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
HKLM\...\StartupApproved\Run32: => "ADSMTray"
HKLM\...\StartupApproved\Run32: => "ASUS Screen Saver Protector"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{69DD8164-9C4B-4E16-B6AE-41C3E3CDC4B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B2586A5-AF76-4E6B-8CDC-8FA33DC3EBCE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{282A9542-334D-43D0-8625-E1806D34BE6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{089428DA-2DA0-4B8B-9BD9-E8460B660739}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{1917B999-8A11-4E3E-B225-8A894B1A1A71}C:\users\administrator\desktop\googlechromeportable\app\chrome-bin\chrome.exe] => (Block) C:\users\administrator\desktop\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{B19A3798-38C5-48B2-9A85-9B74A0E68E61}C:\users\administrator\desktop\googlechromeportable\app\chrome-bin\chrome.exe] => (Block) C:\users\administrator\desktop\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [{1469BA5B-7099-4537-97B9-E8B168D80D1C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F198ED16-CDEC-4B53-9A0E-402C9ACAE4CC}] => (Allow) LPort=2869
FirewallRules: [{4F2BA1D8-98B1-4634-84EB-F241E7C2C826}] => (Allow) LPort=1900
FirewallRules: [{EC0A2835-B9EE-4CDF-AD8B-CBC994C4FF68}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{BC465971-05FC-43CF-8C0D-7353D69C4B0D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2B7414FE-EC18-42DC-86FF-17165B2E89F0}] => (Allow) LPort=5353
FirewallRules: [{A0A7D015-F216-4B2F-9931-BA96B9285F71}] => (Allow) LPort=8182
FirewallRules: [{2B4CE917-A839-472A-9A20-E33DC25AC02E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A3489AFF-8E70-41C3-AACE-4FD0122751C9}] => (Allow) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{98AA766E-F183-409E-9989-C6C308669B7E}] => (Allow) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{546115A9-AC6A-4338-A915-001C31DCA85C}C:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{96EDB608-E3AB-44B6-BCC3-C8113B018B5A}C:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{58B6271A-1BE4-4B26-A41C-FB2314484609}] => (Allow) C:\Program Files (x86)\HP\HP LJ300-400 color MFP M375-M475\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5AE18D10-38B1-4618-A0E4-035681DCDBEA}] => (Allow) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{DDE1F6AC-EB3D-4442-8776-0C57666426EB}] => (Allow) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [{10AB0320-8F7B-4645-9180-375B2B1BA538}] => (Allow) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [{17B8C282-005D-4B09-80CC-616CCB42CD32}] => (Allow) E:\fsetup.exe
FirewallRules: [{52EC2750-F05D-4C41-88C1-B3C16999C07F}] => (Allow) E:\fsetup.exe
FirewallRules: [{6BE51BF0-7B79-4BA1-ABD2-310C1B40FC41}] => (Allow) E:\fsetup.exe
FirewallRules: [{62468E78-8A9C-48FD-A126-F072A6DA9E16}] => (Allow) E:\fsetup.exe
FirewallRules: [{5490CC6D-BBF5-4CF2-A2AC-A6A9D67DBFDC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F988AF88-CCDB-4490-8EF5-FDE9AC92D420}C:\users\administrator\appdata\local\temp\teamviewer\version9\teamviewer.exe] => (Block) C:\users\administrator\appdata\local\temp\teamviewer\version9\teamviewer.exe
FirewallRules: [UDP Query User{B251A169-9959-43B6-94B5-E4A13F3B9604}C:\users\administrator\appdata\local\temp\teamviewer\version9\teamviewer.exe] => (Block) C:\users\administrator\appdata\local\temp\teamviewer\version9\teamviewer.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/11/2016 10:41:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Gerhard-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2147024865. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/21/2016 04:37:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.122, Zeitstempel: 0x56cbfa23
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x1434
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (04/21/2016 04:36:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.122, Zeitstempel: 0x56cbfa23
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x674
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (04/21/2016 04:36:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.122, Zeitstempel: 0x56cbfa23
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x674
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (04/21/2016 04:36:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.122, Zeitstempel: 0x56cbfa23
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x674
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (04/21/2016 04:36:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.122, Zeitstempel: 0x56cbfa23
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x62c
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (04/21/2016 04:34:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5712094

Error: (04/21/2016 04:34:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5712094

Error: (04/21/2016 04:34:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/21/2016 01:51:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5578


Systemfehler:
=============
Error: (05/11/2016 10:41:38 AM) (Source: DCOM) (EventID: 10001) (User: Gerhard-PC)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaNicht verfügbarNicht verfügbar

Error: (04/21/2016 06:34:29 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Kein Medium im Laufwerk.Alcor Micro USB Smart Card Reader 00x3136b040 a1 05 8f

Error: (04/21/2016 06:34:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/21/2016 06:34:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/21/2016 06:34:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NetMsmqActivator erreicht.

Error: (04/21/2016 06:34:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NetPipeActivator erreicht.

Error: (04/21/2016 06:33:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/21/2016 06:33:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device Service erreicht.

Error: (04/21/2016 06:32:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (04/21/2016 06:32:49 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "ATKGFNEXSrv" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist möglicherweise nicht installiert.


CodeIntegrity:
===================================
  Date: 2016-04-21 18:41:24.619
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 18:41:24.596
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 17:29:55.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 17:29:55.075
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 17:29:52.795
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 17:29:52.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 17:29:52.714
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 17:29:52.693
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 17:29:52.637
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 17:29:52.615
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 3893.15 MB
Verfügbarer physikalischer RAM: 1659.77 MB
Summe virtueller Speicher: 7861.15 MB
Verfügbarer virtueller Speicher: 5359.94 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:32.09 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (DATA) (Fixed) (Total:202.08 GB) (Free:154.46 GB) NTFS
Drive g: (TREKSTOR) (Fixed) (Total:186.26 GB) (Free:53.64 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 98B324F9)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: 0E02B1D3)
Partition 1: (Not Active) - (Size=186.3 GB) - (Type=0C)

==================== Ende von Addition.txt ============================
LG

jobi2122 18.05.2016 13:00
wollte nochmals nachfragen wie es nun aussieht? Ist alles weg und kann der Notebook wieder verwendet werden?

LG

cosinus 18.05.2016 22:25
Dein Beitrag ist leider nach den zwei Wochen völlig abgesoffen :blabla:

Da es schon wieder ne Woche her ist, bitte erstmal ein Kontrollscan mit MBAM, anschließend bitte neue FRST-Logs.

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


jobi2122 19.05.2016 11:43
okay kein ding:D

hier die neue Addition.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Gerhard (2016-05-19 12:38:51)
Gestartet von C:\Users\Administrator\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-05 04:48:35)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

DefaultAccount (S-1-5-21-2644038190-2686571229-67561758-503 - Limited - Disabled)
Gast (S-1-5-21-2644038190-2686571229-67561758-501 - Limited - Disabled)
Gerhard (S-1-5-21-2644038190-2686571229-67561758-500 - Administrator - Enabled) => C:\Users\Administrator

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.44.0 - Alcor Micro Corp.)
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ACHTUNG
Amazon Assistant (HKLM-x32\...\Amazon Assistant) (Version: 2.3.4 - Amazon) <==== ACHTUNG
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM-x32\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version: 6.1.8.146 - ArcSoft)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0006 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0006 - ASUS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{5346695A-EC06-45D4-8ACE-4E889A6D5289}) (Version: 7.9.1488.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{A744DD78-EF5D-4DC4-B58B-5C69A0A1811A}) (Version: 7.3.48949.0 - DisplayLink Corp.)
Document Manager Lite (Version: 06.10.00.026 - Wave Systems Corp.) Hidden
Document Manager Lite (x32 Version:  - ) Hidden
Dropbox (HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
ELAN Touchpad 15.9.6.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.9.6.1 - ELAN Microelectronic Corp.)
EMBASSY Security Center Lite (Version: 04.01.00.055 - Wave Systems Corp) Hidden
EMBASSY Security Center Lite (x32 Version:  - ) Hidden
EMBASSY Security Setup (Version: 04.01.00.055 - Wave Systems Corp) Hidden
EMBASSY Security Setup (x32 Version:  - ) Hidden
Embassy Trust Suite - Asus Edition (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 02.05.02.019 - Wave Systems Corp)
ESC Home Page Plugin (Version: 04.01.00.014 - Wave Systems Corp) Hidden
ESC Home Page Plugin (x32 Version:  - ) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP LJ300-400 color MFP M375-M475 (HKLM-x32\...\{9D1DE902-8058-4555-A16A-FBFAA49587DB}) (Version:  - Hewlett-Packard)
HP LJ300-400 color MFP M375-M475 Fax (HKLM-x32\...\{F284FAB3-7B91-499F-856A-1A8BF7649D8D}) (Version: 24.0.0.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 001.001.05133 - Hewlett-Packard) Hidden
hpbM375M475DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI (HKLM-x32\...\{72A474E0-5AA3-4EDD-8FAA-D87CB2FD0654}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 1.02.0014 - HP) Hidden
HPLJUTM375-M475 (x32 Version: 1.02.0013 - HP) Hidden
hppFaxDrvM375M475 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.022.00806 - Hewlett-Packard) Hidden
hppM375_M475LaserJetService (x32 Version: 005.020.00094 - Hewlett-Packard) Hidden
hppSendFaxM375M475 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppToolboxProxyM375 (x32 Version: 020.021.004 - HP) Hidden
hpStatusAlerts (x32 Version: 020.025.1119 - Hewlett Packard) Hidden
hpStatusAlertsM375_M475 (x32 Version: 020.023.01805 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
InstanceFinder (x32 Version: 020.021.004 - HP) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kensington Office Dock (HKLM\...\{A0239037-2BB4-4EB9-864A-281797A50D24}) (Version: 6.1.35912.0 - Kensington Computer Products Group)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NB Probe (HKLM-x32\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version:  - )
Net4Switch (HKLM-x32\...\{9D6D7811-43B3-463C-BC79-5D1755269989}) (Version: 1.00.0020 - ASUS)
OVTScanner_Vista64 (HKLM-x32\...\{AE09704D-9051-4C25-B940-77F889F0C93F}) (Version: 1.00.0000 - OVT)
Preboot Manager (Version: 03.01.00.149 - Wave Systems Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6156 - Realtek Semiconductor Corp.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.6 - ASUS)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartCard Reader Driver Installation (HKLM-x32\...\EmvSCard) (Version: 1.8.1220.12 - Alcor Micro,Corp.)
SmartCard Reader Driver Installation (x32 Version: 1.8.1220.12 - Alcor Micro,Corp.) Hidden
SmartTools Office DDE-Fix (HKLM-x32\...\SmartTools PublishingOffice DDE-Fixv1.20) (Version: v1.20 - SmartTools Publishing)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
ToolboxProxy (x32 Version: 020.023.005 - HP) Hidden
Validity Sensors PBA DDK (HKLM\...\{1858AED4-8D6A-40D2-BAC5-BA6F10DFE056}) (Version: 4.1.316.0 - Validity Sensors, Inc.)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Wave Infrastructure Installer (Version: 07.65.30.0046 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.11.00.051 - Wave Systems Corp) Hidden
Wave Support Software (x32 Version:  - ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403) (HKLM\...\F9FD5BBF579A4BFD40D38BE291F731666B27DC28) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (06/11/2009 6.2.0.9500) (HKLM\...\0E74EB10C05C955C24243E6D3120CDC972FC5B1D) (Version: 06/11/2009 6.2.0.9500 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.2 - ASUS)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644038190-2686571229-67561758-500_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01CEAF64-CE8A-48A2-8A5B-83A290ABEBCB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {0D8FEC7F-825D-4F8A-B141-BB7495CD8727} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-05-17] (Distromatic) <==== ACHTUNG
Task: {1B22D1AF-C381-4BC3-ACA7-42D2FA9E8FDA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1CD17094-0524-45F8-953B-7B2C3626C0E7} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-05-28] (ATK)
Task: {230E99F3-C975-4D3F-B724-F2425BFA483D} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-05-17] (Distromatic) <==== ACHTUNG
Task: {25D8FD54-AB49-41AD-90A9-4723964E4814} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {268B0B51-046F-4891-8FB1-CDCE6BE7E974} - System32\Tasks\{AB7EEF8E-1C2E-4889-B84B-589E7046B020} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
Task: {26BFE618-2A22-4DE0-982E-BE2223983411} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2010-05-12] ()
Task: {28EAFF5D-BD4B-4905-A672-587481956B42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2C97B89E-D8AA-4F92-BBF9-70770CEA060E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {2D3E19AC-1E45-4E8F-9A08-7EEA25A25E6B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {32AA9121-62C2-4175-85D2-48D55E6F106F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500Core1d16685343da637 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-13] (Google Inc.)
Task: {444F243F-2D4C-4A2E-9B96-E0FCC3C1C7F0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {4BDFCE52-C808-4737-986D-9ECD1E8AC559} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {514C7F94-2F4A-4BCC-93A0-6BC66A9B621E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01] (Oracle Corporation)
Task: {5407258E-55B5-42C2-BA2B-6D14A2993624} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {5714D371-1AB7-446D-B2C5-0F179C2CC967} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {573C295C-61F2-499C-A44B-3BCCF896C9E1} - System32\Tasks\{C9C09D3A-FD1D-4594-912C-57E800C56817} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Task: {615DE480-C4CD-4008-9A56-09BC9F351C25} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {6369A2A1-BF63-4A58-B691-C453A8FC5633} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {63E24031-D4E2-4A7C-A155-3B36B0138678} - System32\Tasks\{108C5CB6-A0C0-4901-9ACC-45B6FAC27EA8} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Task: {676691E9-65A8-4F6C-A88C-E277B36C859A} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-05-17] (Distromatic) <==== ACHTUNG
Task: {68D12659-804F-4468-8553-8DB889E87D3A} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {6980B2B6-816E-44AD-B0CA-3C1CD1FBFB1B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {72E77CEC-9110-4301-8A85-6A0D493739E2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {77657F50-9813-4BB8-B5E8-C93C318A553D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {7B139354-2BED-4879-8E24-AE3576F855AA} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {7C0DAC6D-CD62-4C39-AA98-74C280527F7E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {7E431463-7B2F-4DA2-98A2-8030BE8B5E41} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500UA => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-04-18] (Dropbox, Inc.)
Task: {84A7A949-4BE4-454A-9C40-C3ADFCA7264B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8C20687D-61E7-4EC4-A2C5-E7200EF9B937} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {939625EB-478B-414E-843A-D297AC34FE72} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {95130C98-AD4D-46C0-A7EB-B0994F92C133} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {95B1839A-7F5F-4003-AE35-85C6E16B634D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {95FE939A-B728-4DF3-BD1A-D255CBC61618} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {98D803DB-2ECE-46D3-8080-1EFEF05A627F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {9E75445C-E131-4C89-ADAE-FC986BC568B0} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {A8E0D983-6D1A-4D1D-879E-0EFC34C860F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {AC155BD6-A2EE-4254-AEC0-7FD9CEE82ECA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B1FF92EB-5C34-427B-AD8F-5492187655FF} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2011-05-03] (Hewlett Packard)
Task: {B22D48A6-8DE0-4C7F-AC13-C9E1D2E6859A} - System32\Tasks\{308AAF61-7C61-4DE8-964D-0D88E25EF86D} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Task: {B2A26076-47C3-4E49-8968-2B1CFF7DF304} - System32\Tasks\{BBC67C3D-86BA-456C-AA64-A5CAC48A33D3} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Task: {B319FE70-C7A7-4F0C-B693-F84015D8B1F1} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {B336544B-958F-4628-B83F-590D1D00F1C0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {B8C8E244-7EA3-49CB-A5CC-8CA18210379E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BE863B77-773B-4017-9F5B-DA052BF78A3B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {BF91D213-3EC5-43C4-A55D-B71B1BB115B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {C06D00A4-662F-4CC1-BDC9-A324694B47AD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {C14C060B-AFBC-4AB3-9BBC-251642336147} - System32\Tasks\Google Updater and Installer => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-13] (Google Inc.)
Task: {CA5443C1-02D8-4298-9BF9-B4ABDFE6B61F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {CD9F6580-2360-4A84-A6A5-7DB0D63F3B6E} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-05-17] (Distromatic) <==== ACHTUNG
Task: {CF77F960-7E79-44F3-8579-DCFBF3751B04} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {D2A5A1FB-0557-4135-ADBB-DE71848BFB58} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DDBFF1DE-6BE7-45F9-82A9-4B1563490BFF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {E37E693E-65CB-42A0-B445-9DE86626E55B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {EDE261F7-78D9-4252-9C9C-134F1982DBB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-13] (Google Inc.)
Task: {F1C6476A-95E1-48D7-9689-054A0A3CCCBC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {F4FB54C8-51B9-4A81-9244-3356CF39A101} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {F9EAD1BE-75B3-4774-9946-095A0C641FDD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500Core1d199416bd8b8fb.job => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500UA.job => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500Core1d1668364fc4b9f.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500Core1d16685343da637.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-12 17:20 - 2016-02-12 17:20 - 01652456 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2016-04-13 16:28 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 16:28 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2007-06-15 10:28 - 2007-06-15 10:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 16:52 - 2007-06-01 16:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2015-12-18 10:25 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 11:16 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 11:18 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 11:18 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 11:19 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 11:19 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-07-06 23:51 - 2010-07-06 23:51 - 00130560 _____ () C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe
2010-09-24 02:53 - 2010-09-24 02:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2007-06-15 10:28 - 2007-06-15 10:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-01 17:08 - 2007-06-01 17:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2011-07-19 16:07 - 2011-07-19 16:07 - 00111160 _____ () C:\Program Files (x86)\HP\StatusAlerts\bin\nativeutils.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\amazon.de -> hxxps://amazon.de
IE trusted site: HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\amazon.de -> hxxps://amazon.de

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-04-20 12:51 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun                                                                                                                                                                                                         
MSCONFIG\startupreg: EmbassySecurityCheck => "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"                                                                                                                                                                                   
MSCONFIG\startupreg: Google Update => "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: WavXMgr => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
HKLM\...\StartupApproved\Run32: => "ADSMTray"
HKLM\...\StartupApproved\Run32: => "ASUS Screen Saver Protector"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{69DD8164-9C4B-4E16-B6AE-41C3E3CDC4B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B2586A5-AF76-4E6B-8CDC-8FA33DC3EBCE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{282A9542-334D-43D0-8625-E1806D34BE6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{089428DA-2DA0-4B8B-9BD9-E8460B660739}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{1917B999-8A11-4E3E-B225-8A894B1A1A71}C:\users\administrator\desktop\googlechromeportable\app\chrome-bin\chrome.exe] => (Block) C:\users\administrator\desktop\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{B19A3798-38C5-48B2-9A85-9B74A0E68E61}C:\users\administrator\desktop\googlechromeportable\app\chrome-bin\chrome.exe] => (Block) C:\users\administrator\desktop\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [{1469BA5B-7099-4537-97B9-E8B168D80D1C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F198ED16-CDEC-4B53-9A0E-402C9ACAE4CC}] => (Allow) LPort=2869
FirewallRules: [{4F2BA1D8-98B1-4634-84EB-F241E7C2C826}] => (Allow) LPort=1900
FirewallRules: [{EC0A2835-B9EE-4CDF-AD8B-CBC994C4FF68}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{BC465971-05FC-43CF-8C0D-7353D69C4B0D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2B7414FE-EC18-42DC-86FF-17165B2E89F0}] => (Allow) LPort=5353
FirewallRules: [{A0A7D015-F216-4B2F-9931-BA96B9285F71}] => (Allow) LPort=8182
FirewallRules: [{2B4CE917-A839-472A-9A20-E33DC25AC02E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A3489AFF-8E70-41C3-AACE-4FD0122751C9}] => (Allow) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{98AA766E-F183-409E-9989-C6C308669B7E}] => (Allow) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{546115A9-AC6A-4338-A915-001C31DCA85C}C:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{96EDB608-E3AB-44B6-BCC3-C8113B018B5A}C:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{58B6271A-1BE4-4B26-A41C-FB2314484609}] => (Allow) C:\Program Files (x86)\HP\HP LJ300-400 color MFP M375-M475\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5AE18D10-38B1-4618-A0E4-035681DCDBEA}] => (Allow) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{DDE1F6AC-EB3D-4442-8776-0C57666426EB}] => (Allow) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [{10AB0320-8F7B-4645-9180-375B2B1BA538}] => (Allow) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [{17B8C282-005D-4B09-80CC-616CCB42CD32}] => (Allow) E:\fsetup.exe
FirewallRules: [{52EC2750-F05D-4C41-88C1-B3C16999C07F}] => (Allow) E:\fsetup.exe
FirewallRules: [{6BE51BF0-7B79-4BA1-ABD2-310C1B40FC41}] => (Allow) E:\fsetup.exe
FirewallRules: [{62468E78-8A9C-48FD-A126-F072A6DA9E16}] => (Allow) E:\fsetup.exe
FirewallRules: [{5490CC6D-BBF5-4CF2-A2AC-A6A9D67DBFDC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F988AF88-CCDB-4490-8EF5-FDE9AC92D420}C:\users\administrator\appdata\local\temp\teamviewer\version9\teamviewer.exe] => (Block) C:\users\administrator\appdata\local\temp\teamviewer\version9\teamviewer.exe
FirewallRules: [UDP Query User{B251A169-9959-43B6-94B5-E4A13F3B9604}C:\users\administrator\appdata\local\temp\teamviewer\version9\teamviewer.exe] => (Block) C:\users\administrator\appdata\local\temp\teamviewer\version9\teamviewer.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/19/2016 11:48:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x2870
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (05/19/2016 11:48:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x2870
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (05/19/2016 11:48:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x2870
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (05/19/2016 11:48:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x2870
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (05/19/2016 11:48:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x8ec
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (05/19/2016 11:46:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x1d90
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (05/19/2016 11:46:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x1d90
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (05/19/2016 11:46:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x1d90
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (05/19/2016 11:46:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x1d90
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5

Error: (05/19/2016 11:46:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.10586.20, Zeitstempel: 0x56540c35
Name des fehlerhaften Moduls: iertutil.dll, Version: 11.0.10586.306, Zeitstempel: 0x571af338
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000000000007040
ID des fehlerhaften Prozesses: 0x1314
Startzeit der fehlerhaften Anwendung: 0xmicrosoftedgecp.exe0
Pfad der fehlerhaften Anwendung: microsoftedgecp.exe1
Pfad des fehlerhaften Moduls: microsoftedgecp.exe2
Berichtskennung: microsoftedgecp.exe3
Vollständiger Name des fehlerhaften Pakets: microsoftedgecp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoftedgecp.exe5


Systemfehler:
=============
Error: (05/19/2016 12:34:36 PM) (Source: DCOM) (EventID: 10016) (User: Gerhard-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Gerhard-PCGerhardS-1-5-21-2644038190-2686571229-67561758-500LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/19/2016 12:34:36 PM) (Source: DCOM) (EventID: 10016) (User: Gerhard-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Gerhard-PCGerhardS-1-5-21-2644038190-2686571229-67561758-500LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/19/2016 12:34:36 PM) (Source: DCOM) (EventID: 10016) (User: Gerhard-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Gerhard-PCGerhardS-1-5-21-2644038190-2686571229-67561758-500LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/19/2016 12:34:34 PM) (Source: DCOM) (EventID: 10016) (User: Gerhard-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Gerhard-PCGerhardS-1-5-21-2644038190-2686571229-67561758-500LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/19/2016 12:34:15 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Kein Medium im Laufwerk.Alcor Micro USB Smart Card Reader 00x3136b040 a1 05 8f

Error: (05/19/2016 12:27:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (05/19/2016 12:26:57 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "ATKGFNEXSrv" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist möglicherweise nicht installiert.

Error: (05/19/2016 12:25:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Synchronisierungshost_de518c erreicht.

Error: (05/19/2016 12:25:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Benutzerdatenspeicher _de518c erreicht.

Error: (05/19/2016 12:25:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerdatenspeicher _de518c" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056


CodeIntegrity:
===================================
  Date: 2016-05-19 10:49:55.296
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-19 10:49:55.261
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-19 10:49:55.206
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-18 21:59:18.072
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-18 21:59:18.049
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-18 21:59:17.917
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-18 21:29:25.877
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-17 09:59:20.479
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-17 09:59:20.452
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-17 09:59:20.383
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 3893.15 MB
Verfügbarer physikalischer RAM: 1972.78 MB
Summe virtueller Speicher: 7861.15 MB
Verfügbarer virtueller Speicher: 5632.46 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:31.94 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (DATA) (Fixed) (Total:202.08 GB) (Free:154.46 GB) NTFS
Drive g: (TREKSTOR) (Fixed) (Total:186.26 GB) (Free:53.58 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 98B324F9)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: 0E02B1D3)
Partition 1: (Not Active) - (Size=186.3 GB) - (Type=0C)

==================== Ende von Addition.txt ============================
und die mbam.txt

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 19.05.2016
Suchlaufzeit: 11:43
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.19.02
Rootkit-Datenbank: v2016.05.06.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Gerhard

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 360424
Abgelaufene Zeit: 33 Min., 31 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 1
PUP.Optional.OpenCandy, C:\Users\Administrator\Downloads\DTLite4454-0314.exe, In Quarantäne, [d6e82ea94c4d68ce414663faea1a51af],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
LG

jobi2122 19.05.2016 11:44
und nun noch die FRST

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Gerhard (Administrator) auf GERHARD-PC (19-05-2016 12:36:57)
Gestartet von C:\Users\Administrator\Desktop
Geladene Profile: Gerhard (Verfügbare Profile: Gerhard)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(TeamViewer GmbH) C:\Users\Administrator\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Service_2016-05-19-12-34-38.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc.) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(TeamViewer GmbH) C:\Users\Administrator\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Administrator\AppData\Local\Temp\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Users\Administrator\AppData\Local\Temp\TeamViewer\Version9\tv_x64.exe
(TeamViewer GmbH) C:\Users\Administrator\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-11-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11046504 2010-07-14] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [HP LJ300-400 color MFP M375-M475 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-05-06] (Hewlett-Packard Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [BePCSC] => C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe [130560 2010-07-06] ()
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [136760 2011-07-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe
HKLM-x32\...\Run: [ADSMTray] => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952 2009-06-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [Dropbox Update] => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-18] (Dropbox, Inc.)
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-02-13] (Google Inc.)
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [snubber-91] => C:\ProgramData\snubber-9\snubber-7.exe [799296 2016-04-21] ()
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1"
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4515256 2016-04-23] (Microsoft Corporation) <==== ACHTUNG
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-09-04]
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d7e12351-98a7-4bb9-a8c9-4ed95e6e835d}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e745f5c5-1c2f-459b-82bf-1668a547eab4}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-2644038190-2686571229-67561758-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_de_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_86b104d2_1201_1401_20160517_DE_ie_sp_
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2644038190-2686571229-67561758-500 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_de_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_86b104d2_1201_1401_20160517_DE_ie_ds_&tag=bds-p10-serp-de-ie-21&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2644038190-2686571229-67561758-500 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_de_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_86b104d2_1201_1401_20160517_DE_ie_ds_&tag=bds-p10-serp-de-ie-21&query={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-17] (Oracle Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Keine Datei]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin HKU\S-1-5-21-2644038190-2686571229-67561758-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2644038190-2686571229-67561758-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> amazon.de/gp/bit/amazonserp/?ie=UTF8__PARAM__
CHR DefaultSearchURL: Default -> hxxps://www.amazon.de/gp/bit/amazonserp/?ie=UTF8__PARAM__&query={searchTerms}
CHR DefaultSearchKeyword: Default -> amazon
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-13]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-13]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-13]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-13]
CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-13]
CHR Extension: (Google Tabellen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-13]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-05-19]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-13]
CHR HKU\S-1-5-21-2644038190-2686571229-67561758-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nmoahkagidnagifdhchhbfllnocpklcj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2644038190-2686571229-67561758-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.TXKAABCIGSADGJW74L3ITIXXME - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [Datei ist nicht signiert]
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-09-10] (Broadcom Corporation.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11127016 2016-02-12] (DisplayLink Corp.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-11-02] (ELAN Microelectronics Corp.)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [162816 2011-07-08] (HP) [Datei ist nicht signiert]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S4 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1558016 2010-03-31] (Wave Systems Corp.) [Datei ist nicht signiert]
S3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 TeamViewer9; c:\Users\Administrator\AppData\Local\Temp\teamviewer\Version9\TeamViewer_Service.exe [4382992 2014-09-12] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-09-10] (Broadcom Corporation.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.1488.0.sys [67344 2016-03-09] ()
S3 EmvScard; C:\Windows\system32\DRIVERS\EmvScard.sys [30208 2010-07-06] (Alcor Micro, Corp.) [Datei ist nicht signiert]
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [49584 2016-04-19] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [15416 2009-07-21] ( )
R3 LAN9500; C:\Windows\System32\drivers\lan9500-x64-n630f.sys [95712 2015-06-16] (SMSC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [60072 2015-09-10] (Generic)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [305744 2010-07-07] (Wave Systems Corp.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-19 12:36 - 2016-05-19 12:37 - 00026272 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-05-19 12:36 - 2016-05-19 12:36 - 00001281 _____ C:\Users\Administrator\Desktop\mbam.txt
2016-05-19 11:41 - 2016-05-19 11:41 - 00001169 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-19 11:41 - 2016-05-19 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-19 11:41 - 2016-05-19 11:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-19 11:41 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-19 11:41 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-19 11:39 - 2016-05-19 11:40 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-19 10:13 - 2016-05-19 10:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-17 09:45 - 2016-05-19 12:34 - 00004712 _____ C:\WINDOWS\System32\Tasks\DistromaticSearchProtect-hourly
2016-05-17 09:45 - 2016-05-17 09:45 - 00004188 _____ C:\WINDOWS\System32\Tasks\DistromaticSearchProtect-logon
2016-05-17 09:45 - 2016-05-17 09:45 - 00000000 ____D C:\Users\Administrator\AppData\Local\Amazon Browser Settings
2016-05-17 09:44 - 2016-05-17 09:44 - 00004580 _____ C:\WINDOWS\System32\Tasks\DistromaticUpdater-periodic
2016-05-17 09:44 - 2016-05-17 09:44 - 00004050 _____ C:\WINDOWS\System32\Tasks\DistromaticUpdater-logon
2016-05-17 09:42 - 2016-05-17 09:43 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Settings
2016-05-12 15:15 - 2016-05-12 15:15 - 00047688 _____ C:\Users\Administrator\Downloads\Monatsplan 2016_06.xlsx
2016-05-12 15:15 - 2016-05-12 15:15 - 00047688 _____ C:\Users\Administrator\Downloads\Monatsplan 2016_06 (3).xlsx
2016-05-12 15:15 - 2016-05-12 15:15 - 00047688 _____ C:\Users\Administrator\Downloads\Monatsplan 2016_06 (2).xlsx
2016-05-12 15:15 - 2016-05-12 15:15 - 00047688 _____ C:\Users\Administrator\Downloads\Monatsplan 2016_06 (1).xlsx
2016-05-11 11:20 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 11:20 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 11:20 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 11:20 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 11:20 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 11:20 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 11:20 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 11:20 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 11:20 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 11:20 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 11:20 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 11:20 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 11:20 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 11:20 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 11:20 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 11:20 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 11:20 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 11:20 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 11:20 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 11:20 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 11:20 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 11:20 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 11:20 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 11:19 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 11:19 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 11:19 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 11:19 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 11:19 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 11:19 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 11:19 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 11:19 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 11:19 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 11:19 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 11:19 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 11:19 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 11:19 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 11:19 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 11:19 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 11:19 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 11:19 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 11:19 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 11:19 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 11:19 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 11:19 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 11:18 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 11:18 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 11:18 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 11:18 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 11:18 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 11:18 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 11:18 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 11:18 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 11:18 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 11:18 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 11:18 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 11:18 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 11:18 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 11:18 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 11:18 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 11:18 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 11:18 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 11:18 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 11:18 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 11:18 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 11:18 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 11:18 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 11:18 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 11:18 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 11:18 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 11:18 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 11:18 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 11:18 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 11:18 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 11:18 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 11:18 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 11:18 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 11:18 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 11:18 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 11:18 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 11:18 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 11:18 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 11:18 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 11:18 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 11:18 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 11:18 - 2016-04-23 06:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-05-11 11:18 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 11:18 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 11:18 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 11:18 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 11:18 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 11:18 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 11:18 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 11:18 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 11:18 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 11:18 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 11:18 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 11:18 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 11:18 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 11:18 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 11:18 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 11:18 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 11:18 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 11:18 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 11:18 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 11:18 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 11:18 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 11:18 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 11:18 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 11:18 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 11:18 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 11:18 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 11:18 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 11:18 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 11:18 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 11:18 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 11:18 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 11:18 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 11:18 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 11:18 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 11:18 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 11:18 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 11:18 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 11:18 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 11:17 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 11:17 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 11:17 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 11:17 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 11:17 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 11:17 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 11:17 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 11:17 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 11:17 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 11:17 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 11:17 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 11:17 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 11:17 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 11:17 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 11:17 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 11:17 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 11:17 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 11:17 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 11:17 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 11:17 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 11:17 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 11:17 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 11:17 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 11:17 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 11:17 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 11:17 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 11:17 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 11:17 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 11:17 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 11:17 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 11:17 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 11:17 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 11:17 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 11:17 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 11:17 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 11:17 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 11:17 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 11:17 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 11:17 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 11:17 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 11:17 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 11:17 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 11:17 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 11:17 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 11:17 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 11:17 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 11:17 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 11:17 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 11:17 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 11:17 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 11:17 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 11:17 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 11:17 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 11:17 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 11:17 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 11:17 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 11:17 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 11:17 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 11:17 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 11:17 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 11:17 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 11:17 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 11:17 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 11:17 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 11:17 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 11:17 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 11:17 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 11:17 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 11:17 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 11:17 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 11:17 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 11:17 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 11:17 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 11:17 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 11:17 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 11:17 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 11:17 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 11:17 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 11:17 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 11:17 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 11:17 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 11:17 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 11:17 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 11:17 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 11:17 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 11:17 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 11:17 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 11:17 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 11:17 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 11:17 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 11:17 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 11:17 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 11:17 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 11:16 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 11:16 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 11:16 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 11:16 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 11:16 - 2016-04-23 06:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-05-11 11:16 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 11:16 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 11:16 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 11:16 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 11:16 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 11:16 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 11:16 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 11:16 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 11:16 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 11:16 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 11:16 - 2016-04-23 06:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-05-11 11:16 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 11:16 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 11:16 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-11 10:49 - 2016-05-19 11:54 - 00001162 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500UA.job
2016-05-11 10:49 - 2016-05-11 10:49 - 00004282 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500UA
2016-05-11 10:49 - 2016-05-11 10:49 - 00003936 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500Core1d16685343da637
2016-04-21 18:42 - 2016-04-21 18:42 - 00001735 _____ C:\Users\Administrator\Desktop\JRT.txt
2016-04-21 18:36 - 2016-04-21 18:37 - 01610352 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2016-04-21 16:38 - 2016-04-21 18:30 - 00000000 ____D C:\AdwCleaner
2016-04-21 16:37 - 2016-04-21 16:38 - 03683904 _____ C:\Users\Administrator\Desktop\AdwCleaner_5.112.exe
2016-04-21 13:30 - 2016-05-11 12:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\pressure-56
2016-04-21 13:27 - 2016-05-11 12:11 - 00000000 ____D C:\ProgramData\hotswap-93
2016-04-21 12:43 - 2016-05-11 10:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\inverter-01
2016-04-21 12:06 - 2016-04-21 12:06 - 00000000 ____D C:\ProgramData\snubber-9
2016-04-20 13:29 - 2016-05-19 12:33 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-20 13:29 - 2016-05-19 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-20 13:29 - 2016-04-21 12:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-20 13:28 - 2016-04-21 12:08 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2016-04-20 13:28 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-20 13:27 - 2016-04-20 13:28 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.09.3.1001.exe
2016-04-20 12:33 - 2016-04-20 12:33 - 00000000 ____D C:\Users\Administrator\Desktop\alt
2016-04-20 12:00 - 2016-04-20 12:03 - 00000000 ____D C:\Users\Administrator\Desktop\ramsch
2016-04-20 11:46 - 2016-04-20 11:46 - 00059017 _____ C:\Users\Administrator\Desktop\2. post.txt
2016-04-20 11:28 - 2016-05-19 12:36 - 00000000 ____D C:\FRST
2016-04-20 11:26 - 2016-04-20 11:28 - 02375680 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2016-04-19 11:58 - 2016-04-19 11:58 - 00001178 _____ C:\WINDOWS\system32\.crusader
2016-04-19 10:55 - 2016-04-19 12:02 - 00049584 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-04-19 10:54 - 2016-04-19 12:01 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-19 10:54 - 2016-04-19 10:54 - 11441744 _____ (SurfRight B.V.) C:\Users\Administrator\Downloads\hitmanpro_x64.exe
2016-04-19 10:33 - 2016-04-19 10:34 - 07103256 _____ (TeamViewer) C:\Users\Administrator\Downloads\TeamViewerQS_de-jfa.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-19 12:34 - 2015-06-30 21:08 - 00000000 ___RD C:\Users\Administrator\iCloudDrive
2016-05-19 12:33 - 2015-12-05 06:22 - 02093950 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-19 12:33 - 2015-10-30 20:35 - 00892760 _____ C:\WINDOWS\system32\perfh007.dat
2016-05-19 12:33 - 2015-10-30 20:35 - 00198308 _____ C:\WINDOWS\system32\perfc007.dat
2016-05-19 12:33 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-19 12:33 - 2012-01-14 05:28 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-19 12:26 - 2015-12-05 06:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-19 12:26 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Registration
2016-05-19 12:25 - 2015-12-05 06:24 - 00000000 ____D C:\Users\Administrator
2016-05-19 12:25 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-19 12:13 - 2015-06-16 20:03 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500UA.job
2016-05-19 12:12 - 2012-01-14 05:28 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-19 10:54 - 2016-02-13 19:37 - 00001110 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2644038190-2686571229-67561758-500Core1d16685343da637.job
2016-05-19 10:13 - 2012-09-17 22:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dropbox
2016-05-19 10:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-19 10:09 - 2015-09-10 22:24 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{90A90AAA-6423-4099-9395-1F329D06981B}
2016-05-18 21:35 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-18 21:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-17 10:00 - 2016-02-13 19:25 - 00002499 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-17 10:00 - 2016-02-13 19:25 - 00002491 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2016-05-17 09:27 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-17 09:22 - 2014-03-07 17:50 - 00000000 ____D C:\ProgramData\Oracle
2016-05-17 09:22 - 2014-03-07 17:49 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-17 09:21 - 2015-11-24 19:07 - 00000000 ____D C:\Users\Administrator\.oracle_jre_usage
2016-05-17 09:21 - 2014-09-05 14:32 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-05-17 09:21 - 2014-09-05 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-12 15:03 - 2015-09-10 18:08 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-12 03:03 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-12 03:03 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 03:02 - 2015-10-30 20:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 03:02 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-12 03:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-12 03:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 21:57 - 2015-12-15 04:36 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2015-12-15 04:36 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 12:02 - 2013-08-06 18:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 11:51 - 2013-04-02 13:02 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 11:26 - 2015-09-10 18:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-05-11 11:07 - 2012-01-14 05:28 - 00004198 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 11:07 - 2012-01-14 05:28 - 00003966 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-22 09:57 - 2012-12-17 21:50 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-20 21:24 - 2014-08-06 09:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-20 21:24 - 2012-12-17 21:55 - 00000000 ____D C:\ProgramData\Avira
2016-04-20 21:24 - 2012-12-17 21:55 - 00000000 ____D C:\Program Files (x86)\Avira
2016-04-20 21:18 - 2012-12-17 22:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2016-04-20 12:54 - 2015-12-05 06:14 - 00337344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-20 12:32 - 2013-04-01 09:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-20 12:28 - 2012-01-14 05:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-20 12:27 - 2015-12-05 06:00 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-20 12:27 - 2015-10-30 20:47 - 00000000 ____D C:\WINDOWS\ShellNew
2016-04-20 12:24 - 2009-07-14 04:34 - 00000387 _____ C:\WINDOWS\win.ini
2016-04-20 12:23 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-20 12:20 - 2014-12-27 15:59 - 00000000 ____D C:\Program Files\Adobe
2016-04-19 10:34 - 2014-09-30 20:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer
2016-04-19 10:31 - 2015-06-16 20:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Dropbox

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-04-01 09:29 - 2006-06-02 14:27 - 0017542 _____ () C:\Program Files\Common Files\Net4Switch.ico
2007-06-12 10:34 - 2007-06-12 10:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 09:35 - 2008-05-22 09:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 11:31 - 2009-04-08 11:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-11 22:45 - 2008-08-11 22:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2013-04-01 09:29 - 2006-06-02 14:27 - 0017542 _____ () C:\Program Files (x86)\Common Files\Net4Switch.ico
2016-02-16 16:58 - 2016-02-16 16:58 - 0004096 ____H () C:\Users\Administrator\AppData\Local\keyfile3.drm
2012-09-18 13:12 - 2012-09-18 13:12 - 0007606 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2014-01-05 17:48 - 2014-01-05 17:48 - 0000088 ____H () C:\ProgramData\aspg.dat
2012-01-14 05:40 - 2010-07-07 02:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2012-01-14 05:26 - 2012-01-14 05:27 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-01-14 05:26 - 2012-01-14 05:26 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\aspg.dat


Einige Dateien in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg921ym.dll
C:\Users\Administrator\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\libeay32.dll
C:\Users\Administrator\AppData\Local\Temp\msvcr120.dll
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-11 11:46

==================== Ende von FRST.txt ============================

cosinus 19.05.2016 11:49
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Amazon 1Button App

    Amazon Assistant

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 

jobi2122 19.05.2016 12:07
okay. amazon assistant wurde deinstalliert.
Amazon 1Button App ist im Uninstallerfeld nicht aufgelistet.

wurde denn bisher außer Adware, schädliche programme/viren/trojaner gefunen?

LG

cosinus 19.05.2016 14:17
Was entfernt wurde kannst du doch selbst in den Fixlogs von adwcleaner, JRT etc alles selbst nachlesen - oder soll ich dir das vorlesen? :wtf: :rofl:


FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4515256 2016-04-23] (Microsoft Corporation) <==== ACHTUNG
C:\ProgramData\aspg.dat
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


jobi2122 19.05.2016 14:35
okay hier die Fixlog

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Gerhard (2016-05-19 15:23:48) Run:1
Gestartet von C:\Users\Administrator\Desktop
Geladene Profile: Gerhard (Verfügbare Profile: Gerhard)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4515256 2016-04-23] (Microsoft Corporation) <==== ACHTUNG
C:\ProgramData\aspg.dat
emptytemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
HKU\S-1-5-21-2644038190-2686571229-67561758-500\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Wert erfolgreich entfernt
C:\ProgramData\aspg.dat => erfolgreich verschoben
EmptyTemp: => 2.9 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 15:25:39 ====
LG

cosinus 19.05.2016 14:36
Okay, dann Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte:


1. Schritt: MBAM

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




2. Schritt: ESET

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




3. Schritt: SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

jobi2122 19.05.2016 21:35
so scan ist abgeschlossen

checkup:

Code:
Results of screen317's Security Check version 1.009 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 91 
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Google Chrome (50.0.2661.102)
 Google Chrome (50.0.2661.94)
 Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
 Windows Defender MpCmdRun.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
mbam:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 19.05.2016
Suchlaufzeit: 18:13
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.19.04
Rootkit-Datenbank: v2016.05.06.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Gerhard

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 336444
Abgelaufene Zeit: 21 Min., 15 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bfe5a79615f70c44afded46826d35ace
# end=init
# utc_time=2016-05-19 04:40:07
# local_time=2016-05-19 06:40:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29525
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bfe5a79615f70c44afded46826d35ace
# end=updated
# utc_time=2016-05-19 04:43:29
# local_time=2016-05-19 06:43:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=bfe5a79615f70c44afded46826d35ace
# engine=29525
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-19 08:03:09
# local_time=2016-05-19 10:03:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 16325 17502332 0 0
# scanned=367844
# found=13
# cleaned=12
# scan_time=11979
sh=0D238F4EE27A950CDC969D0C2474C5EA1616FD30 ft=1 fh=26c34432dacb0a05 vn="Variante von Win32/Kryptik.EVEO Trojaner" ac=I fn="C:\Users\All Users\snubber-9\snubber-7.exe"
sh=0D238F4EE27A950CDC969D0C2474C5EA1616FD30 ft=1 fh=26c34432dacb0a05 vn="Variante von Win32/Kryptik.EVEO Trojaner (Gesäubert durch Löschen)" ac=C fn="C:\ProgramData\snubber-9\snubber-7.exe"
sh=A423BABEC72D0D1C6B86F12ECFBB4F4E25022E46 ft=1 fh=c19e43806b0ca485 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\Users\Administrator\Downloads\supereasy_driver_updater_1.1.1_7870.exe"
sh=84646799913CD4405311AD3FDA71846DD23F2BB9 ft=1 fh=d6bab377f18d1027 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\Users\Administrator\Downloads\supereasy_driver_updater_1.1.1_8159 (1).exe"
sh=84646799913CD4405311AD3FDA71846DD23F2BB9 ft=1 fh=d6bab377f18d1027 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\Users\Administrator\Downloads\supereasy_driver_updater_1.1.1_8159.exe"
sh=ECB794D1B00E561FC3007C5F725E1E6728C7DA7E ft=0 fh=0000000000000000 vn="Variante von Win32/Kryptik.EUUC Trojaner (gelöscht)" ac=C fn="D:\$RECYCLE.BIN\S-1-5-21-2644038190-2686571229-67561758-500\$RVH73V6.zip"
sh=A423BABEC72D0D1C6B86F12ECFBB4F4E25022E46 ft=1 fh=c19e43806b0ca485 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="G:\Sicherung 09.2015\Administrator(ohne app data)\Downloads\supereasy_driver_updater_1.1.1_7870.exe"
sh=84646799913CD4405311AD3FDA71846DD23F2BB9 ft=1 fh=d6bab377f18d1027 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="G:\Sicherung 09.2015\Administrator(ohne app data)\Downloads\supereasy_driver_updater_1.1.1_8159 (1).exe"
sh=84646799913CD4405311AD3FDA71846DD23F2BB9 ft=1 fh=d6bab377f18d1027 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="G:\Sicherung 09.2015\Administrator(ohne app data)\Downloads\supereasy_driver_updater_1.1.1_8159.exe"
sh=ECB794D1B00E561FC3007C5F725E1E6728C7DA7E ft=0 fh=0000000000000000 vn="Variante von Win32/Kryptik.EUUC Trojaner (gelöscht)" ac=C fn="G:\FileHistory\Gerhard\GERHARD-PC\Data\D\Gerhard\Eigene Dokumente\18.04.2016 Gerhard Gutekunst Stellvertretender Sachbearbeiter Mail & Media AG (2016_04_19 09_10_08 UTC).zip"
sh=84646799913CD4405311AD3FDA71846DD23F2BB9 ft=1 fh=d6bab377f18d1027 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="G:\FileHistory\Gerhard\GERHARD-PC\Data\C\Users\Administrator\Downloads\supereasy_driver_updater_1.1.1_8159 (2015_09_15 18_11_50 UTC).exe"
sh=84646799913CD4405311AD3FDA71846DD23F2BB9 ft=1 fh=d6bab377f18d1027 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="G:\FileHistory\Gerhard\GERHARD-PC\Data\C\Users\Administrator\Downloads\supereasy_driver_updater_1.1.1_8159 (1) (2015_09_15 18_11_50 UTC).exe"
sh=A423BABEC72D0D1C6B86F12ECFBB4F4E25022E46 ft=1 fh=c19e43806b0ca485 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="G:\FileHistory\Gerhard\GERHARD-PC\Data\C\Users\Administrator\Downloads\supereasy_driver_updater_1.1.1_7870 (2015_09_15 18_11_50 UTC).exe"

LG

cosinus 20.05.2016 15:07
da müssen wir nochmal ran:

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Run: [snubber-91] => C:\ProgramData\snubber-9\snubber-7.exe [799296 2016-04-21] ()
HKU\S-1-5-21-2644038190-2686571229-67561758-500\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4515256 2016-04-23] (Microsoft Corporation) <==== ACHTUNG
C:\ProgramData\snubber-9
C:\Users\Administrator\Downloads\supereasy_driver_updater_1.1.1_7870.exe
C:\Users\Administrator\Downloads\supereasy_driver_updater_1.1.1_8159 (1).exe
C:\Users\Administrator\Downloads\supereasy_driver_updater_1.1.1_8159.exe
G:\Sicherung 09.2015\Administrator(ohne app data)\Downloads\supereasy_driver_updater_1.1.1_7870.exe
G:\Sicherung 09.2015\Administrator(ohne app data)\Downloads\supereasy_driver_updater_1.1.1_8159 (1).exe
G:\Sicherung 09.2015\Administrator(ohne app data)\Downloads\supereasy_driver_updater_1.1.1_8159.exe
G:\FileHistory\Gerhard\GERHARD-PC\Data\D\Gerhard\Eigene Dokumente\18.04.2016 Gerhard Gutekunst Stellvertretender Sachbearbeiter Mail & Media AG (2016_04_19 09_10_08 UTC).zip
G:\FileHistory\Gerhard\GERHARD-PC\Data\C\Users\Administrator\Downloads\supereasy_driver_updater_1.1.1_8159 (2015_09_15 18_11_50 UTC).exe
G:\FileHistory\Gerhard\GERHARD-PC\Data\C\Users\Administrator\Downloads\supereasy_driver_updater_1.1.1_8159 (1) (2015_09_15 18_11_50 UTC).exe
G:\FileHistory\Gerhard\GERHARD-PC\Data\C\Users\Administrator\Downloads\supereasy_driver_updater_1.1.1_7870 (2015_09_15 18_11_50 UTC).exe
cmd: dir /oge-d %APPDATA%
cmd: dir /oge-d "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
cmd: dir /oge-d %PROGRAMDATA%
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Alle Zeitangaben in WEZ +1. Es ist jetzt 08:44 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22