Windows 10/64bit: Windows Defender meldet trojandownloader:win32/esaprof!rfn

frst.txt
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von Beatrix (Administrator) auf CANDRA (12-03-2016 16:05:41)
Gestartet von C:\Users\Beatrix\Desktop
Geladene Profile: Beatrix (Verfügbare Profile: Beatrix)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952800 2015-08-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Beatrix\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\RunOnce: [Uninstall C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\RunOnce: [Uninstall C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\RunOnce: [Uninstall C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
Startup: C:\Users\Beatrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-03-08]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7d39b7fa-2c9f-4a5b-9c9e-35ba3c14cb5d}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{9738b9b3-f3e9-409c-8fdb-b38774a7f903}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
URLSearchHook: HKU\S-1-5-21-2384618903-2837397961-1632789598-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-2384618903-2837397961-1632789598-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-01-25] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2013-12-30] (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-01-25] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2013-12-30] (DVDVideoSoft Ltd.)
Toolbar: HKU\S-1-5-21-2384618903-2837397961-1632789598-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Beatrix\AppData\Roaming\Mozilla\Firefox\Profiles\1fclt1pj.default-1426021297044
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2012-01-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [2012-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2384618903-2837397961-1632789598-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Beatrix\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Beatrix\AppData\Roaming\Mozilla\Firefox\Profiles\1fclt1pj.default-1426021297044\searchplugins\McSiteAdvisor.xml [2016-03-11]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF Extension: Adblock Plus - C:\Users\Beatrix\AppData\Roaming\Mozilla\Firefox\Profiles\1fclt1pj.default-1426021297044\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-03] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Beatrix\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-02-03]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-02]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-12] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-08-21] (Synaptics Incorporated)
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-12] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-21] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-12 16:05 - 2016-03-12 16:06 - 00018816 _____ C:\Users\Beatrix\Desktop\FRST.txt
2016-03-12 16:05 - 2016-03-12 16:05 - 00000000 ____D C:\FRST
2016-03-12 16:04 - 2016-03-12 16:05 - 02374144 _____ (Farbar) C:\Users\Beatrix\Desktop\FRST64.exe
2016-03-12 07:28 - 2016-03-12 07:29 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{A7C596B7-CFC5-49A1-9E63-BBE9EB356C95}
2016-03-11 18:32 - 2016-03-11 18:32 - 05404312 _____ (Avira Operations GmbH & Co. KG) C:\Users\Beatrix\Downloads\avira_de_aapd0_48230367_kv7dhsl7t9ifmw2jybzc_wd.exe
2016-03-11 13:53 - 2016-03-11 13:54 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{5D88D746-412F-40B2-892B-44BFC37B4E37}
2016-03-10 18:48 - 2016-03-10 18:48 - 00000054 _____ C:\Users\Beatrix\Desktop\downloadtrojaner.txt
2016-03-10 10:07 - 2016-03-10 10:07 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{0F39F9D0-19CE-4D13-96F4-E4F3BBC3A38A}
2016-03-09 20:23 - 2016-03-09 20:23 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{178B916D-FD87-4842-9C6F-1BB2F504BA5E}
2016-03-09 10:17 - 2016-02-24 10:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 10:17 - 2016-02-24 10:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-09 10:17 - 2016-02-24 09:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-09 10:17 - 2016-02-24 09:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-09 10:17 - 2016-02-24 07:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-09 10:17 - 2016-02-24 07:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-09 10:17 - 2016-02-24 07:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 10:17 - 2016-02-24 07:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-09 10:17 - 2016-02-24 07:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-09 10:17 - 2016-02-24 07:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 10:17 - 2016-02-24 06:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-09 10:17 - 2016-02-24 06:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-09 10:17 - 2016-02-24 06:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 10:17 - 2016-02-24 06:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 10:17 - 2016-02-24 06:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 10:17 - 2016-02-24 06:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 10:17 - 2016-02-24 06:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 10:17 - 2016-02-24 06:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 10:17 - 2016-02-24 06:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 10:17 - 2016-02-24 06:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 10:17 - 2016-02-24 05:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 10:17 - 2016-02-24 05:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 10:16 - 2016-03-01 06:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-09 10:16 - 2016-03-01 06:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-09 10:16 - 2016-02-24 10:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-09 10:16 - 2016-02-24 10:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 10:16 - 2016-02-24 10:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 10:16 - 2016-02-24 10:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 10:16 - 2016-02-24 10:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 10:16 - 2016-02-24 10:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-09 10:16 - 2016-02-24 09:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 10:16 - 2016-02-24 09:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 10:16 - 2016-02-24 09:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 10:16 - 2016-02-24 09:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-09 10:16 - 2016-02-24 09:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-09 10:16 - 2016-02-24 09:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-09 10:16 - 2016-02-24 09:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-09 10:16 - 2016-02-24 09:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 10:16 - 2016-02-24 09:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-09 10:16 - 2016-02-24 09:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-09 10:16 - 2016-02-24 09:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 10:16 - 2016-02-24 09:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-09 10:16 - 2016-02-24 09:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-09 10:16 - 2016-02-24 09:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-09 10:16 - 2016-02-24 09:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 10:16 - 2016-02-24 09:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 10:16 - 2016-02-24 09:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-09 10:16 - 2016-02-24 09:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 10:16 - 2016-02-24 09:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 10:16 - 2016-02-24 08:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-09 10:16 - 2016-02-24 08:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-09 10:16 - 2016-02-24 08:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-09 10:16 - 2016-02-24 08:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-09 10:16 - 2016-02-24 08:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-09 10:16 - 2016-02-24 08:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-09 10:16 - 2016-02-24 08:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-09 10:16 - 2016-02-24 08:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 10:16 - 2016-02-24 08:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-09 10:16 - 2016-02-24 08:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 10:16 - 2016-02-24 08:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 10:16 - 2016-02-24 08:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 10:16 - 2016-02-24 08:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 10:16 - 2016-02-24 08:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-09 10:16 - 2016-02-24 08:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-09 10:16 - 2016-02-24 08:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-09 10:16 - 2016-02-24 08:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 10:16 - 2016-02-24 08:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-09 10:16 - 2016-02-24 08:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-09 10:16 - 2016-02-24 08:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-09 10:16 - 2016-02-24 08:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-09 10:16 - 2016-02-24 08:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 10:16 - 2016-02-24 08:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-09 10:16 - 2016-02-24 08:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 10:16 - 2016-02-24 08:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 10:16 - 2016-02-24 08:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-09 10:16 - 2016-02-24 08:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-09 10:16 - 2016-02-24 08:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-09 10:16 - 2016-02-24 08:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-09 10:16 - 2016-02-24 08:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-09 10:16 - 2016-02-24 08:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-09 10:16 - 2016-02-24 08:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-09 10:16 - 2016-02-24 08:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-09 10:16 - 2016-02-24 08:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-09 10:16 - 2016-02-24 08:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 10:16 - 2016-02-24 08:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-09 10:16 - 2016-02-24 08:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 10:16 - 2016-02-24 08:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-09 10:16 - 2016-02-24 08:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-09 10:16 - 2016-02-24 08:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-09 10:16 - 2016-02-24 07:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-09 10:16 - 2016-02-24 07:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-09 10:16 - 2016-02-24 07:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-09 10:16 - 2016-02-24 07:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 10:16 - 2016-02-24 07:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-09 10:16 - 2016-02-24 07:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-09 10:16 - 2016-02-24 07:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-09 10:16 - 2016-02-24 07:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-09 10:16 - 2016-02-24 07:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-09 10:16 - 2016-02-24 07:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 10:16 - 2016-02-24 07:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 10:16 - 2016-02-24 07:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-09 10:16 - 2016-02-24 07:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 10:16 - 2016-02-24 07:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 10:16 - 2016-02-24 07:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 10:16 - 2016-02-24 07:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 10:16 - 2016-02-24 07:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-09 10:16 - 2016-02-24 07:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-09 10:16 - 2016-02-24 07:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-09 10:16 - 2016-02-24 07:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-09 10:16 - 2016-02-24 07:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 10:16 - 2016-02-24 07:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-09 10:16 - 2016-02-24 07:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-09 10:16 - 2016-02-24 07:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-09 10:16 - 2016-02-24 07:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-09 10:16 - 2016-02-24 07:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-09 10:16 - 2016-02-24 07:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-09 10:16 - 2016-02-24 07:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-09 10:16 - 2016-02-24 07:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 10:16 - 2016-02-24 07:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 10:16 - 2016-02-24 07:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-09 10:16 - 2016-02-24 07:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-09 10:16 - 2016-02-24 07:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-09 10:16 - 2016-02-24 07:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 10:16 - 2016-02-24 07:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-09 10:16 - 2016-02-24 07:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 10:16 - 2016-02-24 07:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-09 10:16 - 2016-02-24 07:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-09 10:16 - 2016-02-24 07:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-09 10:16 - 2016-02-24 07:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 10:16 - 2016-02-24 07:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-09 10:16 - 2016-02-24 07:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-09 10:16 - 2016-02-24 07:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-09 10:16 - 2016-02-24 07:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 10:16 - 2016-02-24 07:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-09 10:16 - 2016-02-24 07:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-09 10:16 - 2016-02-24 07:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 10:16 - 2016-02-24 07:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 10:16 - 2016-02-24 07:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-09 10:16 - 2016-02-24 07:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-09 10:16 - 2016-02-24 07:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-09 10:16 - 2016-02-24 07:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-09 10:16 - 2016-02-24 07:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 10:16 - 2016-02-24 07:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-09 10:16 - 2016-02-24 07:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-09 10:16 - 2016-02-24 07:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-09 10:16 - 2016-02-24 07:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-09 10:16 - 2016-02-24 07:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-09 10:16 - 2016-02-24 07:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-09 10:16 - 2016-02-24 07:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 10:16 - 2016-02-24 07:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-09 10:16 - 2016-02-24 07:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-09 10:16 - 2016-02-24 07:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-09 10:16 - 2016-02-24 06:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-09 10:16 - 2016-02-24 06:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-09 10:16 - 2016-02-24 06:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-09 08:23 - 2016-03-09 08:23 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{F813122E-F8A0-40C7-B112-D3A06CE322F9}
2016-03-08 13:37 - 2016-03-08 13:37 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{874F3B82-C705-438B-9CD4-C6A4FE643210}
2016-03-07 19:55 - 2016-03-07 19:55 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{0BABA8BB-6B7B-483D-B86A-C90B9DA5E3C7}
2016-03-07 07:55 - 2016-03-07 07:55 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{B624DC56-265C-422F-B069-8DD580EF448C}
2016-03-06 13:01 - 2016-03-06 13:02 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{0C5F82E3-074D-44EE-B1F3-91672A0758BB}
2016-03-06 10:20 - 2016-03-06 10:23 - 00000000 ____D C:\Users\Beatrix\Desktop\Thema Krankheit
2016-03-05 18:20 - 2016-03-05 18:20 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{1D59F6C8-D714-44FE-A319-DB75F44E0AB8}
2016-03-04 19:44 - 2016-03-04 19:45 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{D1816772-3CE7-4D99-B452-5095A0E44921}
2016-03-04 07:45 - 2016-03-04 07:45 - 05404312 _____ (Avira Operations GmbH & Co. KG) C:\Users\Beatrix\Downloads\avira_de_aapd0_48230367_nx7de4b0zlmruccxjdzb_wd.exe
2016-03-04 07:44 - 2016-03-04 07:44 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{BFBFC8CA-CA2B-4E7F-A26A-E2B5C9E78498}
2016-03-03 14:09 - 2016-03-03 14:09 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{57EDA35C-2621-463D-B5A3-8DE9B6CFEFC6}
2016-03-02 20:34 - 2016-03-02 20:34 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{582E39A0-75FF-4E2D-989E-FEB39A7FA011}
2016-03-02 07:40 - 2016-03-02 07:40 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{CAC6792F-B7E0-414B-B4B8-59715CDDC44D}
2016-03-02 07:27 - 2016-02-23 12:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-02 07:27 - 2016-02-23 11:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-02 07:27 - 2016-02-23 11:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-02 07:27 - 2016-02-23 11:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-02 07:27 - 2016-02-23 11:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-02 07:27 - 2016-02-23 10:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-02 07:27 - 2016-02-23 10:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-02 07:27 - 2016-02-23 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-02 07:27 - 2016-02-23 09:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-02 07:27 - 2016-02-23 09:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-02 07:27 - 2016-02-23 09:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-02 07:27 - 2016-02-23 09:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-02 07:27 - 2016-02-23 09:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-02 07:27 - 2016-02-23 08:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-02 07:27 - 2016-02-23 08:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-02 07:27 - 2016-02-23 08:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-02 07:27 - 2016-02-23 08:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-02 07:27 - 2016-02-23 08:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-02 07:27 - 2016-02-23 07:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-02 07:27 - 2016-02-23 07:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-02 07:27 - 2016-02-23 07:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-02 07:27 - 2016-02-23 07:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-02 07:27 - 2016-02-23 07:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-02 07:27 - 2016-02-23 07:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-02 07:27 - 2016-02-23 07:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-02 07:27 - 2016-02-23 07:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-02 07:27 - 2016-02-09 04:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-02 07:27 - 2016-02-09 04:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-02 07:27 - 2016-02-09 04:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-02 07:26 - 2016-02-23 11:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-02 07:26 - 2016-02-23 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-02 07:26 - 2016-02-23 08:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-02 07:25 - 2016-02-23 10:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-02 07:25 - 2016-02-23 10:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-02 07:25 - 2016-02-23 09:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-02 07:25 - 2016-02-23 07:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-02 07:25 - 2016-02-23 07:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-02 07:24 - 2016-02-23 12:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 07:24 - 2016-02-23 12:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-02 07:24 - 2016-02-23 11:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-02 07:24 - 2016-02-23 11:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-02 07:24 - 2016-02-23 11:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-02 07:24 - 2016-02-23 11:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-02 07:24 - 2016-02-23 11:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-02 07:24 - 2016-02-23 11:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-02 07:24 - 2016-02-23 11:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-02 07:24 - 2016-02-23 11:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-02 07:24 - 2016-02-23 10:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-02 07:24 - 2016-02-23 10:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-02 07:24 - 2016-02-23 10:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-02 07:24 - 2016-02-23 10:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-02 07:24 - 2016-02-23 10:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-02 07:24 - 2016-02-23 09:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-02 07:24 - 2016-02-23 09:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-02 07:24 - 2016-02-23 09:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-02 07:24 - 2016-02-23 09:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-02 07:24 - 2016-02-23 09:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-02 07:24 - 2016-02-23 09:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-02 07:24 - 2016-02-23 08:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-02 07:24 - 2016-02-23 08:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-02 07:24 - 2016-02-23 07:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-02 07:23 - 2016-02-23 11:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-02 07:23 - 2016-02-23 11:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-02 07:23 - 2016-02-23 10:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-02 07:23 - 2016-02-23 10:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-02 07:23 - 2016-02-23 09:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-02 07:23 - 2016-02-23 09:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-02 07:23 - 2016-02-23 09:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-02 07:23 - 2016-02-23 09:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-02 07:23 - 2016-02-23 09:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-02 07:23 - 2016-02-23 09:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-02 07:23 - 2016-02-23 09:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-02 07:23 - 2016-02-23 08:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-02 07:23 - 2016-02-23 08:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-02 07:23 - 2016-02-23 08:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-02 07:23 - 2016-02-23 08:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-02 07:23 - 2016-02-23 08:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-02 07:23 - 2016-02-23 07:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-02 07:23 - 2016-02-23 07:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-02 07:23 - 2016-02-23 07:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-02 07:23 - 2016-02-23 07:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-02 07:22 - 2016-02-23 12:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-02 07:22 - 2016-02-23 12:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-02 07:22 - 2016-02-23 12:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-02 07:22 - 2016-02-23 12:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-02 07:22 - 2016-02-23 10:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-02 07:22 - 2016-02-23 10:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-02 07:22 - 2016-02-23 10:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-02 07:22 - 2016-02-23 10:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-02 07:22 - 2016-02-23 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-02 07:22 - 2016-02-23 09:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-02 07:22 - 2016-02-23 09:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-02 07:22 - 2016-02-23 09:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-02 07:22 - 2016-02-23 09:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-02 07:22 - 2016-02-23 09:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-02 07:22 - 2016-02-23 09:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-02 07:22 - 2016-02-23 09:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-02 07:22 - 2016-02-23 09:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-02 07:22 - 2016-02-23 09:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-02 07:22 - 2016-02-23 09:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-02 07:22 - 2016-02-23 09:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-02 07:22 - 2016-02-23 09:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-02 07:22 - 2016-02-23 08:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-02 07:22 - 2016-02-23 08:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-02 07:22 - 2016-02-23 08:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-02 07:22 - 2016-02-23 08:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-02 07:22 - 2016-02-23 08:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-02 07:22 - 2016-02-23 08:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-02 07:22 - 2016-02-23 08:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-02 07:22 - 2016-02-23 08:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-02 07:22 - 2016-02-23 08:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-02 07:22 - 2016-02-23 08:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-02 07:22 - 2016-02-23 07:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-02 07:22 - 2016-02-23 07:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-02 07:22 - 2016-02-23 07:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-02 07:22 - 2016-02-09 05:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-02 07:22 - 2016-02-09 04:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-02 07:21 - 2016-02-23 12:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-02 07:21 - 2016-02-23 12:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-02 07:21 - 2016-02-23 12:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-02 07:21 - 2016-02-23 11:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-02 07:21 - 2016-02-23 11:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-02 07:21 - 2016-02-23 11:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-02 07:21 - 2016-02-23 11:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-02 07:21 - 2016-02-23 10:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-02 07:21 - 2016-02-23 10:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-02 07:21 - 2016-02-23 10:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-02 07:21 - 2016-02-23 10:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-02 07:21 - 2016-02-23 10:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-02 07:21 - 2016-02-23 09:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-02 07:21 - 2016-02-23 09:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-02 07:21 - 2016-02-23 09:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-02 07:21 - 2016-02-23 09:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-02 07:21 - 2016-02-23 09:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-02 07:21 - 2016-02-23 09:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-02 07:21 - 2016-02-23 09:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-02 07:21 - 2016-02-23 09:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-02 07:21 - 2016-02-23 09:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-02 07:21 - 2016-02-23 09:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-02 07:21 - 2016-02-23 09:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-02 07:21 - 2016-02-23 09:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-02 07:21 - 2016-02-23 08:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-02 07:21 - 2016-02-23 08:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-02 07:21 - 2016-02-23 08:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-02 07:21 - 2016-02-23 08:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-02 07:21 - 2016-02-23 08:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-02 07:21 - 2016-02-23 08:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-02 07:21 - 2016-02-23 08:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-02 07:21 - 2016-02-23 08:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-02 07:21 - 2016-02-23 07:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-02 07:21 - 2016-02-23 07:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-02 07:21 - 2016-02-09 05:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-02 07:21 - 2016-02-09 04:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-02 07:21 - 2016-02-09 04:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-02 07:20 - 2016-02-23 10:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-02 07:20 - 2016-02-23 10:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-02 07:20 - 2016-02-23 10:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-02 07:20 - 2016-02-23 10:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-02 07:20 - 2016-02-23 10:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-02 07:20 - 2016-02-23 10:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-02 07:20 - 2016-02-23 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-02 07:20 - 2016-02-23 10:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-02 07:20 - 2016-02-23 09:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-02 07:20 - 2016-02-23 09:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-02 07:20 - 2016-02-23 09:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-02 07:20 - 2016-02-23 09:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-02 07:20 - 2016-02-23 09:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-02 07:20 - 2016-02-23 09:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-02 07:20 - 2016-02-23 09:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-02 07:20 - 2016-02-23 09:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-02 07:20 - 2016-02-23 09:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-02 07:20 - 2016-02-23 09:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 07:20 - 2016-02-23 09:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-02 07:20 - 2016-02-23 09:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-02 07:20 - 2016-02-23 08:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-02 07:20 - 2016-02-23 08:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-02 07:20 - 2016-02-23 08:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 07:20 - 2016-02-23 08:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-02 07:20 - 2016-02-23 08:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-02 06:51 - 2016-03-02 06:57 - 00285292 _____ C:\WINDOWS\Minidump\030216-56125-01.dmp
2016-03-02 06:51 - 2016-03-02 06:51 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-01 10:03 - 2016-03-07 18:40 - 00000000 ____D C:\Users\Beatrix\Documents\Geburtstag2016
2016-03-01 07:44 - 2016-03-01 07:45 - 00000000 ____D C:\Users\Beatrix\Documents\Osteoporose
2016-03-01 07:38 - 2016-03-01 07:38 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{DC38E437-742D-42B1-9547-856B45C05BFC}
2016-02-28 08:28 - 2016-02-28 08:29 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{AEF8D42A-9454-4A38-B23F-518496B1ADA1}
2016-02-27 16:37 - 2016-03-11 07:25 - 00034816 ___SH C:\Users\Beatrix\Desktop\Thumbs.db
2016-02-27 12:56 - 2016-02-27 12:56 - 00000000 ____D C:\Users\Beatrix\AppData\Roaming\CyberLink
2016-02-27 11:14 - 2016-02-27 11:14 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{7DB0FAFA-8073-4334-ACE4-FC82533D20CE}
2016-02-26 20:03 - 2016-02-26 20:03 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{FA78EA90-6666-49AD-9ED0-FB030128CA46}
2016-02-26 08:03 - 2016-02-26 08:03 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{C60AD3C7-8906-4C40-BFC9-5A848FDC51C6}
2016-02-25 07:13 - 2016-02-25 07:13 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{5BA4475D-A1C4-41C5-9E07-CD2C3D23AF6C}
2016-02-24 15:07 - 2016-02-24 15:08 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{F983C8C2-00CC-491B-AFB0-C877DD66EF06}
2016-02-23 09:08 - 2016-02-23 09:08 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{B82D2161-BFC6-430E-AC36-F0E9ACDF7376}
2016-02-22 11:57 - 2016-02-22 11:57 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{87DBE1E2-5404-46C6-8C33-911E28F89BF1}
2016-02-20 12:28 - 2016-03-05 12:50 - 00000000 ____D C:\Users\Beatrix\Documents\Irmgard Walkman
2016-02-19 19:34 - 2016-02-19 19:34 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{83F64F10-19EC-43E7-8568-8BBB86E65F76}
2016-02-18 16:21 - 2016-02-18 16:21 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{52A2B875-A1FE-48C2-ACD6-E94976C18395}
2016-02-16 09:46 - 2016-02-16 09:46 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{F4DFD0E0-D7EF-4792-8A5E-C1330305BE0E}
2016-02-15 14:54 - 2016-02-15 14:54 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{DF0ABD1D-A558-4497-B90C-F1E4B1954E2A}
2016-02-13 21:49 - 2016-02-13 21:49 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{C373C95E-3C43-4113-8133-05F625491910}
2016-02-13 15:57 - 2016-02-27 16:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-11 12:54 - 2016-02-11 12:54 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{F2BF8ABA-393F-4CC8-90E3-689F24CF27D9}
2016-02-11 10:26 - 2016-02-11 10:26 - 00000000 ____D C:\Users\Beatrix\AppData\Local\{683C4BD7-70E1-4F47-9F8E-1CA69EAE6981}

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-12 11:14 - 2013-05-26 18:22 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-12 11:09 - 2013-03-08 16:55 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-12 09:06 - 2015-08-31 08:16 - 00001291 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-03-12 09:05 - 2015-03-10 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-12 07:58 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-12 07:55 - 2015-03-10 19:13 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-03-12 07:55 - 2015-03-10 19:13 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-03-12 07:55 - 2015-03-10 19:13 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-03-12 07:42 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-11 19:09 - 2013-03-08 16:55 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-11 18:43 - 2016-01-08 04:14 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-11 18:43 - 2015-10-30 19:35 - 00889250 _____ C:\WINDOWS\system32\perfh007.dat
2016-03-11 18:43 - 2015-10-30 19:35 - 00197298 _____ C:\WINDOWS\system32\perfc007.dat
2016-03-11 18:43 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-11 18:41 - 2013-03-08 17:04 - 00000000 ____D C:\Users\Beatrix\Documents\Youcam
2016-03-11 18:40 - 2015-10-10 15:49 - 00002433 _____ C:\Users\Beatrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-11 18:40 - 2015-10-10 15:49 - 00000000 ___RD C:\Users\Beatrix\OneDrive
2016-03-11 18:36 - 2016-01-08 04:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-11 18:36 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-11 07:30 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-10 08:56 - 2016-01-08 04:15 - 00000000 ____D C:\Users\Beatrix
2016-03-10 08:53 - 2016-01-08 04:05 - 00226160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 08:50 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 08:50 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 08:50 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 08:50 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-08 08:12 - 2015-10-30 08:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 08:12 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-05 15:56 - 2013-10-15 10:24 - 00000000 ____D C:\Users\Beatrix\AppData\Roaming\vlc
2016-03-04 07:46 - 2015-03-10 19:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-03 13:54 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-02 21:00 - 2015-09-10 06:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-02 20:57 - 2013-04-27 09:35 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-03-02 20:41 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-02 20:41 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-02 20:41 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-02 20:41 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-02 20:41 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-02 20:40 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-02 20:40 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-02 20:40 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-02 20:40 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-02 06:51 - 2015-08-19 21:13 - 829565502 _____ C:\WINDOWS\MEMORY.DMP
2016-02-27 16:35 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-27 16:26 - 2013-03-10 06:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-27 12:56 - 2012-03-05 11:33 - 00000000 ____D C:\Users\Public\CyberLink
2016-02-27 12:56 - 2012-03-05 11:27 - 00000000 ____D C:\ProgramData\CyberLink
2016-02-22 14:51 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-20 13:12 - 2013-03-08 16:56 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 14:49 - 2013-09-19 20:33 - 00000000 ____D C:\Users\Beatrix\Documents\My Digital Editions
2016-02-11 14:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-04 17:25 - 2015-11-08 18:55 - 0014848 _____ () C:\Users\Beatrix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Einige Dateien in TEMP:
====================
C:\Users\Beatrix\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-03-07 09:06

==================== Ende von FRST.txt ============================
         

additions.txt
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Beatrix (2016-03-12 16:08:02)
Gestartet von C:\Users\Beatrix\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-08 03:38:08)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2384618903-2837397961-1632789598-500 - Administrator - Disabled)
Beatrix (S-1-5-21-2384618903-2837397961-1632789598-1000 - Administrator - Enabled) => C:\Users\Beatrix
DefaultAccount (S-1-5-21-2384618903-2837397961-1632789598-503 - Limited - Disabled)
Gast (S-1-5-21-2384618903-2837397961-1632789598-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2384618903-2837397961-1632789598-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Albelli Fotobücher (HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version:  - Albelli)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Caesar 3 (HKLM-x32\...\Caesar 3) (Version:  - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1313 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.1.1 - CEWE Stiftung u Co. KGaA)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
foobar2000 v1.2.5 (HKLM-x32\...\foobar2000) (Version: 1.2.5 - Peter Pawlowski)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin BaseCamp (HKLM-x32\...\{B27D272F-2860-4363-9803-956C0A9FAFB9}) (Version: 4.1.2 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GPSBabel 1.4.4 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version:  - GPSBabel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Java(TM) 7 Update 2 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217002FF}) (Version: 7.0.20 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Mp3tag v2.55 (HKLM-x32\...\Mp3tag) (Version: v2.55 - Florian Heidenreich)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0055 - Pegatron Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Sierra-Dienstprogramme (HKLM-x32\...\Sierra-Dienstprogramme) (Version:  - )
Smart View 2.0 (HKLM-x32\...\{FBAAAFAE-08A8-4C63-87EA-4AEA9DEE53E1}) (Version: 1.0.0.0 - Samsung)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
watchmi (HKLM-x32\...\{F0559C5E-7912-4391-B1A0-6B975F0E5064}) (Version: 3.0.0 - Axel Springer Digital TV Guide GmbH)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2384618903-2837397961-1632789598-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Beatrix\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {097C36B8-81DC-4BEA-919A-FD1C4C233811} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {0C222B2C-DC64-486B-9583-6E6125F05032} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {198D9B8F-48BC-49CA-8AF6-55C76A2C5BCD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {2355C731-6C76-4C92-B3DC-F639B5F3D1B4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {2EEDF5C1-D242-4A99-B355-0192A079090D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {35E0BC33-9A72-43FA-ACEB-6CB93B0A21B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {3B6A2309-D4C0-4A87-B670-CF5B8479F344} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3CD156C6-DFBA-4CB7-BF1B-DAC033CC0EC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {42A5C358-5BB4-4334-BD4C-D6E5FFB25E85} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {45B409AD-034D-4F23-A99B-072DEF830C85} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {518A8FF8-3A69-4617-A81E-E3BC74AD360A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {582CE772-BC1A-4AAE-95A9-612E3F71F407} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {72BBEF92-3230-482B-BB2E-2D66919CAE87} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {77F5B80E-AF17-4BD9-8454-0BDC371A11CE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {7B633E8E-FD12-41D5-90E4-6553C9824650} - System32\Tasks\{7704A5E5-F5BA-4F6B-B907-D3175679062F} => pcalua.exe -a C:\dell\drivers\R153052\Setup.exe -d C:\dell\drivers\R153052
Task: {803D698F-2E53-48EF-875C-2278DF667F47} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {81C9863B-7FA7-4B5B-8724-6D0B80E88929} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {847254FD-28E2-4448-8057-B552E5D0D78B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {8B06F82D-A2F9-4620-B1CD-9FE4061DC117} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8DE30295-826F-4168-AD47-4F9D52839639} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2012-01-13] (CyberLink Corp.)
Task: {9194065C-75CF-4E5D-90ED-6636D4121B42} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {9648AF3A-DADE-4097-B339-9C443048B6BB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {98B90AFC-90ED-4693-963E-105AEAA957E8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {A6D99E90-19F8-4BD5-BD23-06C801D52651} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {AD7FAB58-15DC-4E7D-A4E1-60EE5974B9B7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {AF420AC6-CA29-4854-8452-097F3807D77A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AF6968CB-3E21-41FA-B1A8-61C69C218954} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {B5F353CE-6293-49C1-8158-8E7C22EB387F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {BD2B3A81-5556-404C-80F1-DD22E14AB662} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {BDBDC914-38F2-46FF-BD95-416907B1EE4B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {C563629E-5497-4215-BC3B-DD04C07296C4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CCD1963F-9C59-4686-AC1B-2DCDF36F512C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D24F4A6C-D68F-4228-A0D3-396DBF5E0385} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D6BDD73A-E61D-4BC5-A3B1-DDEA50ADEDA0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E02CD7CB-CDFE-4697-ADD4-F994838C1CC7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {E0A2C520-6FE9-4E4E-95C8-33B4BE9805D0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {E322C6CD-9F57-4B26-8521-F41673C27A8A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {E6127866-8945-4453-B377-341872E47C62} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {EDCBC82A-6F80-4802-BADA-9E31595766CC} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F0A4E3D5-172A-4BF0-9BCB-F05BD39E75F2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {F0BD0592-FDCA-4385-84FC-E0BD7AFC8AA7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F1DA1220-BB63-44EE-A193-2C8D31E83878} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {F956FB20-C403-42FA-BE07-3C0854BE2176} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2012-03-05 18:17 - 2009-12-19 00:40 - 00104968 _____ () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2012-03-05 18:17 - 2011-10-13 23:38 - 00156672 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2016-03-02 07:24 - 2016-02-23 12:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 07:24 - 2016-02-23 12:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-03-05 18:17 - 2010-01-13 02:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2012-03-05 18:17 - 2010-01-13 02:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2016-01-13 13:19 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 13:19 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-04 18:15 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-04 18:15 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-13 13:19 - 2016-01-05 02:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-02-08 07:43 - 2016-02-08 07:44 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-04 07:17 - 2016-03-04 07:18 - 00016384 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-04 07:17 - 2016-03-04 07:18 - 16062976 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-04 07:17 - 2016-03-04 07:18 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-08 03:58 - 2016-01-08 03:58 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 07:22 - 2016-02-23 09:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-03-05 17:55 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-03-05 17:47 - 2011-12-16 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-02-08 07:43 - 2016-02-08 07:44 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-08 07:43 - 2016-02-08 07:44 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Beatrix\Pictures\hintergruende\LumaLight.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-2384618903-2837397961-1632789598-1000\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{03C5EEED-4A83-410F-AE45-3C35E60C351B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F74D0B7-6772-4D01-A8CD-FD6997ECF4F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4513AD9E-F60E-45D7-A568-DEC901FA5E59}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
FirewallRules: [{42AF4F2B-2ABD-44ED-86F1-C704A25E4C10}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
FirewallRules: [{FBCCCDA4-FC9C-44C4-A634-034AF4316ED0}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
FirewallRules: [{53276A64-6F87-4B60-BC52-81EB20708AAA}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
FirewallRules: [{85832019-5E10-4687-9BE8-ECC6260C4DFB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3F0CB73A-4640-4B7B-A0AC-524E66E23823}] => (Allow) LPort=2869
FirewallRules: [{D63C74F5-9DCE-4F49-A501-D838905BB8A3}] => (Allow) LPort=1900
FirewallRules: [{CB2332EA-77AC-41DE-AD54-8B1B22BDC0F9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C0B4056E-B896-435C-BBE5-FF8029F17959}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{69200C4F-D42A-47A4-B6D5-E7A8B40E6C07}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{832F7398-70F5-41E4-9D12-62D9F0A1559E}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{EBCC7445-8549-471F-9ECE-05D4B23676C6}] => (Allow) C:\Windows\SysWOW64\dlbfcoms.exe
FirewallRules: [{89B341A4-5F7A-4DDE-BB17-4FAD68A08E64}] => (Allow) C:\Windows\SysWOW64\dlbfcoms.exe
FirewallRules: [{7D9BD1A5-890F-43FE-B817-A8B608A870BF}] => (Allow) C:\Windows\System32\dlbfcoms.exe
FirewallRules: [{573715A5-3FFE-411A-94DC-9E89EA26BD3C}] => (Allow) C:\Windows\System32\dlbfcoms.exe
FirewallRules: [{7A8D01C4-CF6D-4923-801A-A0DEC8C27745}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{534C661D-09FC-4FAA-91CB-D011A954A93A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{23B1ACE9-F455-442E-9B22-DD2E44AFC7E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{02E53CE3-7901-420B-B006-BF3EEE589C3E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{01D2B674-F04C-4CB9-940D-1AFF8A046C30}C:\users\beatrix\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Block) C:\users\beatrix\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light
FirewallRules: [UDP Query User{8EC7E8E3-24A4-4A9D-9FEB-CEA4CFC1EC44}C:\users\beatrix\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Block) C:\users\beatrix\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light
FirewallRules: [{93DC9C3F-99AB-483C-AAB4-0EFEDEB841F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/12/2016 08:18:25 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/12/2016 07:41:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (03/11/2016 06:38:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PHotkey.exe, Version: 1.0.0.56, Zeitstempel: 0x4f2f9e86
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x117c
Startzeit der fehlerhaften Anwendung: 0xPHotkey.exe0
Pfad der fehlerhaften Anwendung: PHotkey.exe1
Pfad des fehlerhaften Moduls: PHotkey.exe2
Berichtskennung: PHotkey.exe3
Vollständiger Name des fehlerhaften Pakets: PHotkey.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PHotkey.exe5

Error: (03/11/2016 06:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 3.0.2.0, Zeitstempel: 0x5339cec3
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xb0c
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3
Vollständiger Name des fehlerhaften Pakets: mbamscheduler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamscheduler.exe5

Error: (03/11/2016 06:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363
Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007da8a
ID des fehlerhaften Prozesses: 0xc70
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5

Error: (03/10/2016 09:51:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (03/10/2016 08:56:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PHotkey.exe, Version: 1.0.0.56, Zeitstempel: 0x4f2f9e86
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1088
Startzeit der fehlerhaften Anwendung: 0xPHotkey.exe0
Pfad der fehlerhaften Anwendung: PHotkey.exe1
Pfad des fehlerhaften Moduls: PHotkey.exe2
Berichtskennung: PHotkey.exe3
Vollständiger Name des fehlerhaften Pakets: PHotkey.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PHotkey.exe5

Error: (03/10/2016 08:54:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363
Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007da8a
ID des fehlerhaften Prozesses: 0x9e0
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5

Error: (03/10/2016 08:54:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 3.0.2.0, Zeitstempel: 0x5339cec3
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xbac
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3
Vollständiger Name des fehlerhaften Pakets: mbamscheduler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamscheduler.exe5

Error: (03/10/2016 08:48:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363
Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007da8a
ID des fehlerhaften Prozesses: 0xa90
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5


Systemfehler:
=============
Error: (03/12/2016 09:28:19 AM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (03/12/2016 09:28:19 AM) (Source: volsnap) (EventID: 14) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen.

Error: (03/12/2016 09:27:18 AM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (03/12/2016 09:27:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht.

Error: (03/12/2016 09:26:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht.

Error: (03/12/2016 09:26:17 AM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (03/12/2016 09:26:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht.

Error: (03/12/2016 09:25:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht.

Error: (03/12/2016 09:25:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht.

Error: (03/12/2016 09:25:16 AM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.


CodeIntegrity:
===================================
  Date: 2016-03-12 09:15:42.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-11 16:00:07.304
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-11 16:00:07.290
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-11 16:00:07.275
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-11 16:00:01.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-11 16:00:01.802
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-11 16:00:01.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-11 15:59:35.053
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-11 15:59:34.916
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-11 15:53:37.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Prozentuale Nutzung des RAM: 61%
Installierter physikalischer RAM: 3990.46 MB
Verfügbarer physikalischer RAM: 1523.21 MB
Summe virtueller Speicher: 8086.46 MB
Verfügbarer virtueller Speicher: 4456.76 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:361.31 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:28.21 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 5248D358)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ===========================
         

ANTIVIR

Type:	File
Source:	C:\Users\Beatrix\AppData\Local\Microsoft\Windows Live Mail\Gmx (b_adam)\Junk E-mail\283065F5-00000053.eml
Status:	Infected
Quarantine object:	4a61e8dd.qua
Restored:	NO
Uploaded to Avira:	NO
Operating system:	Windows XP/VISTA Workstation/Windows 7
Search engine:	8.03.36.44
Virus definition file:	8.12.67.122
Detection:	HEUR/Macro.Downloader
Date/Time:	11.03.2016, 07:27


Type:	File
Source:	C:\Users\Beatrix\AppData\Local\Microsoft\Windows Live Mail\Gmx (b_adam)\Junk E-mail\557070C5-00000062.eml
Status:	Infected
Quarantine object:	52fac765.qua
Restored:	NO
Uploaded to Avira:	NO
Operating system:	Windows XP/VISTA Workstation/Windows 7
Search engine:	8.03.36.44
Virus definition file:	8.12.67.122
Detection:	WM/Agent.acj
Date/Time:	11.03.2016, 07:27


Type:	File
Source:	C:\Users\Beatrix\AppData\Local\Microsoft\Windows Live Mail\Gmx (******)\Junk E-mail\1EE23BE5-00000056.eml
Status:	Infected
Quarantine object:	180cb23a.qua
Restored:	NO
Uploaded to Avira:	NO
Operating system:	Windows XP/VISTA Workstation/Windows 7
Search engine:	8.03.36.44
Virus definition file:	8.12.67.122
Detection:	TR/Crypt.ZPACK.Gen4
Date/Time:	11.03.2016, 07:27


Type:	File
Source:	C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
Status:	Infected
Quarantine object:	7f2d563e.qua
Restored:	NO
Uploaded to Avira:	NO
Operating system:	Windows XP/VISTA Workstation/Windows 7
Search engine:	8.03.34.82
Virus definition file:	8.12.32.46
Detection:	PUA/OpenCandy
Date/Time:	28.11.2015, 15:59


Type:	File
Source:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free YouTube to MP3 Converter.lnk
Status:	Infected
Quarantine object:	191a1ee8.qua
Restored:	NO
Uploaded to Avira:	NO
Operating system:	Windows XP/VISTA Workstation/Windows 7
Search engine:	8.03.34.82
Virus definition file:	8.12.32.46
Detection:	PUA/OpenCandy
Date/Time:	28.11.2015, 15:59


Type:	File
Source:	C:\WINDOWS\TEMP\0050821446866056mcinst.exe
Status:	Suspicious
Quarantine object:	53e25092.qua
Restored:	NO
Uploaded to Avira:	NO
Operating system:	Windows XP/VISTA Workstation/Windows 7
Search engine:	unknown
Virus definition file:	unknown
Detection:	Suspicious file
Date/Time:	28.11.2015, 15:59


Type:	File
Source:	C:\WINDOWS\TEMP\0222061447433224mcinst.exe
Status:	Suspicious
Quarantine object:	4b707f37.qua
Restored:	NO
Uploaded to Avira:	NO
Operating system:	Windows XP/VISTA Workstation/Windows 7
Search engine:	unknown
Virus definition file:	unknown
Detection:	Suspicious file
Date/Time:	28.11.2015, 15:59


Type:	File
Source:	C:\Users\Beatrix\AppData\Local\Temp\OCS\ocs_v71b.exe
Status:	Infected
Quarantine object:	5349c92c.qua
Restored:	NO
Uploaded to Avira:	NO
Operating system:	Windows XP/VISTA Workstation/Windows 7
Search engine:	8.03.30.00
Virus definition file:	8.11.215.244
Detection:	PUA/DownloadSponsor.Gen
Date/Time:	11.03.2015, 17:19


Type:	File
Source:	C:\Users\Beatrix\Downloads\MediathekView - CHIP-Installer.exe
Status:	Infected
Quarantine object:	536aaf2e.qua
Restored:	NO
Uploaded to Avira:	NO
Operating system:	Windows XP/VISTA Workstation/Windows 7
Search engine:	8.03.30.00
Virus definition file:	8.11.215.244
Detection:	PUA/DownloadSponsor.Gen
Date/Time:	11.03.2015, 13:47


Type:	File
Source:	C:\Users\Beatrix\Downloads\StreamTransport - CHIP-Downloader.exe
Status:	Infected
Quarantine object:	5347ad47.qua
Restored:	NO
Uploaded to Avira:	NO
Operating system:	Windows XP/VISTA Workstation/Windows 7
Search engine:	8.03.30.00
Virus definition file:	8.11.215.244
Detection:	PUA/DownloadSponsor.Gen
Date/Time:	11.03.2015, 13:46