Antivir meldet Verbindungsfehler - Überprüfen Sie Ihre Internetverbindung und Defender lässt sich nicht aktivieren.

cosinus · 21.02.2017, 09:45

Zitat:

Und das sagt mein Defender der sich gemeldet hat:
TrojanDownloader: Win32/Dofoil.T
Trojan: Win32/Matsnu.Q
TrojanDownloader: Win32/Dofoil.T

Diese Angaben sind, ohne die Fundorte zu nennen, sinnfrei...

OhSchreck! · 21.02.2017, 18:21

Der folgende Fehler ist aufgetreten: Fehlercode: 0x80508023. Auf dem Computer wurde keine Schadsoftware oder andere potenziell unerwünschte Software gefunden.

Kategorie: Downloadtrojaner

Beschreibung: Dieses Programm ist gefährlich. Es lädt andere Programme herunter.

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.

Elemente:
file:C:\Windows\Temp\tmp00002917\tmp000031ca->(UPX)
file:C:\Windows\Temp\tmp00002917\tmp00003252->(UPX)

Online weitere Informationen zu diesem Element abrufen

cosinus · 22.02.2017, 10:14

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

OhSchreck! · 22.02.2017, 12:00

Code:

ATTFilter

# AdwCleaner v6.043 - Bericht erstellt am 22/02/2017 um 11:35:19
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-01-27.1 [Lokal]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Thomas Keune - THOMASKEUNE-PC
# Gestartet von : C:\Users\Thomas Keune\Desktop\AdwCleaner_6.043.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Keine schädlichen Ordner gefunden.


***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.


***** [ Registrierungsdatenbank ] *****

Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5955 Bytes] - [20/02/2017 16:50:21]
C:\AdwCleaner\AdwCleaner[S0].txt - [5700 Bytes] - [20/02/2017 16:46:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [1352 Bytes] - [22/02/2017 11:35:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1425 Bytes] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by Thomas Keune (Administrator) on 22.02.2017 at 11:45:13,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\Users\Thomas Keune\AppData\Local\crashrpt (Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.02.2017 at 11:50:47,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cosinus · 22.02.2017, 12:08

Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

OhSchreck! · 22.02.2017, 21:49

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2017 01
durchgeführt von Thomas Keune (Administrator) auf THOMASKEUNE-PC (22-02-2017 21:40:10)
Gestartet von C:\Users\Thomas Keune\Desktop
Geladene Profile: Thomas Keune (Verfügbare Profile: Thomas Keune)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\TVG\OnlineUpdate\OnlineUpdateSvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8154184 2017-02-06] (Emsisoft Ltd)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-14] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [%RunKey%] => C:\Program Files (x86)\FRITZ!vox\FRITZ!vox.exe [1515520 2007-07-26] (AVM Berlin)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe [4535192 2016-07-01] ()
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\RunOnce: [Uninstall C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-12-13] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-12-13] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-12-13] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-12-13] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Das Telefonbuch Browserlösung.lnk [2016-01-13]
ShortcutTarget: Das Telefonbuch Browserlösung.lnk -> C:\Program Files (x86)\TVG\DasTelefonbuch Deutschland\http_tfd.exe (TVG Telefon-und Verzeichnisverlag GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FriFax32 - Verknüpfung.lnk [2012-04-15]
ShortcutTarget: FriFax32 - Verknüpfung.lnk -> C:\Program Files (x86)\FRITZ!\FriFax32.exe (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JFritz.lnk [2017-01-04]
ShortcutTarget: JFritz.lnk -> C:\Program Files (x86)\JFritz2\jfritz.exe ()
Startup: C:\Users\Thomas Keune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jfritz.jar - Verknüpfung.lnk [2017-01-17]
ShortcutTarget: jfritz.jar - Verknüpfung.lnk -> C:\Program Files (x86)\JFritz2\jfritz.jar ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyEnable: [S-1-5-21-4016997756-889063991-563976297-1000] => Proxy ist aktiviert.
ProxyServer: [S-1-5-21-4016997756-889063991-563976297-1000] => http=127.0.0.1:8082;https=127.0.0.1:8082
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll => Keine Datei 
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5d1d9579-e842-492c-88e3-58021255ae65}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d7841ead-ff00-46b7-9c07-9808ea9293f2}: [DhcpNameServer] 192.168.178.1
ManualProxies: 1http=127.0.0.1:8082;https=127.0.0.1:8082

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-4016997756-889063991-563976297-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll [2011-12-29] (MedienTeam66)
Toolbar: HKLM-x32 - NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll [2010-11-07] (Xi)
Toolbar: HKU\S-1-5-21-4016997756-889063991-563976297-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
DPF: HKLM-x32 {39ED5386-A900-4D6C-B564-20BFDE5402CF} hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\1t3lmzvm.default-1486818187624 [2017-02-22]
FF Homepage: Mozilla\Firefox\Profiles\1t3lmzvm.default-1486818187624 -> google.de/
FF NetworkProxy: Mozilla\Firefox\Profiles\1t3lmzvm.default-1486818187624 -> type", 4
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\1t3lmzvm.default-1486818187624\features\{db31db75-02c4-4c1f-8046-7897fc843a9b}\disableSHA1rollout@mozilla.org.xpi [2017-02-19]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-09] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox
FF Extension: (Freemake Video Downloader Plugin) - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox [2014-03-13] [ist nicht signiert]
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [mail@shopping-preise.de] - C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\mic35z32.default\extensions\mail@shopping-preise.de => nicht gefunden
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert]
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\zxjx6lop.default-1409585167823\extensions\cliqz@cliqz.com => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-28] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [Keine Datei]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-28] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Windows\system32\C2MP\npdivx32.dll [Keine Datei]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9483200 2017-02-06] (Emsisoft Ltd)
S2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [41576 2016-10-24] (Dropbox, Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2011-11-17] (Microsoft) [Datei ist nicht signiert]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-17] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-17] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [Datei ist nicht signiert]
R2 TVGOnlineUpdateSvc; C:\Program Files (x86)\TVG\OnlineUpdate\OnlineUpdateSvc.exe [401256 2015-02-09] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [39248 2012-06-09] (Paragon Software Group)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46280 2013-02-22] (AnchorFree Inc.)
S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2010-12-17] (Intel Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 MpKslbbc0000f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{74504CD3-497A-413E-A67D-A4F5BFD4D598}\MpKslbbc0000f.sys [44928 2017-02-22] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmoi.inf_amd64_bab0214c8bd45ad2\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 taphss6; C:\Windows\System32\drivers\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2012-06-09] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633296 2012-06-09] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [389968 2012-06-09] (Paragon)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 aspnet_state; kein ImagePath
S3 cpuz139; \??\C:\Users\THOMAS~1\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [X] <==== ACHTUNG
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-22 21:39 - 2017-02-22 21:39 - 02423296 _____ (Farbar) C:\Users\Thomas Keune\Desktop\FRST64.exe
2017-02-22 21:33 - 2017-02-22 21:33 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\CrashRpt
2017-02-22 11:07 - 2017-02-22 11:07 - 00000000 ____D C:\Users\Thomas Keune\Downloads\Notfall_DVD_10_Free
2017-02-22 08:32 - 2017-02-22 11:12 - 00000000 ____D C:\KVRT_Data
2017-02-22 08:25 - 2017-02-22 08:32 - 109283160 _____ (Kaspersky Lab ZAO) C:\Users\Thomas Keune\Downloads\KVRT.exe
2017-02-22 08:21 - 2017-02-22 08:40 - 1310308696 _____ C:\Users\Thomas Keune\Downloads\Notfall_DVD_10_Free.zip
2017-02-22 07:08 - 2017-02-22 07:08 - 00006046 _____ C:\Users\Thomas Keune\Documents\cc_20170222_070843.reg
2017-02-21 21:52 - 2017-02-21 21:53 - 106623920 _____ (Microsoft Corporation) C:\Users\Thomas Keune\Downloads\msoloc2010-kb2956076-fullfile-x86-glb.exe
2017-02-21 21:48 - 2017-02-21 21:49 - 01405520 _____ (Microsoft Corporation) C:\Users\Thomas Keune\Downloads\exppdf2010-kb3055047-fullfile-x86-glb.exe
2017-02-21 20:20 - 2017-02-21 20:21 - 00848064 _____ (IDG Magazine Media GmbH ) C:\Users\Thomas Keune\Downloads\pcwFixWindowsUpdate.exe
2017-02-21 06:17 - 2017-02-21 06:17 - 00000000 ____D C:\Users\Thomas Keune\Documents\Virensuche
2017-02-21 06:01 - 2017-02-21 06:15 - 00086974 _____ C:\TDSSKiller.3.1.0.12_21.02.2017_06.01.19_log.txt
2017-02-20 23:15 - 2017-02-20 23:21 - 00087644 _____ C:\TDSSKiller.3.1.0.12_20.02.2017_23.15.34_log.txt
2017-02-20 21:24 - 2017-02-21 06:30 - 148750096 _____ (Microsoft Corporation) C:\Users\Thomas Keune\Downloads\msert(1).exe
2017-02-20 18:12 - 2017-02-21 05:53 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\ESET
2017-02-20 18:11 - 2017-02-20 18:12 - 06776960 _____ (ESET spol. s r.o.) C:\Users\Thomas Keune\Downloads\ESETOnlineScanner_DEU.exe
2017-02-20 18:09 - 2017-02-20 18:09 - 00054620 _____ C:\Users\Thomas Keune\Documents\cc_20170220_180907.reg
2017-02-20 17:53 - 2017-02-20 17:53 - 00000000 ____D C:\Program Files (x86)\ESET
2017-02-20 17:32 - 2017-02-20 17:52 - 02870984 _____ (ESET) C:\Users\Thomas Keune\Downloads\esetsmartinstaller_deu.exe
2017-02-20 17:10 - 2017-02-22 11:50 - 00000632 _____ C:\Users\Thomas Keune\Desktop\JRT.txt
2017-02-20 17:01 - 2017-02-20 17:04 - 01663040 _____ (Malwarebytes) C:\Users\Thomas Keune\Downloads\JRT.exe
2017-02-20 16:41 - 2017-02-22 11:35 - 00000000 ____D C:\AdwCleaner
2017-02-20 16:40 - 2017-02-20 16:41 - 04015056 _____ C:\Users\Thomas Keune\Downloads\AdwCleaner_6.043.exe
2017-02-20 16:07 - 2017-02-20 16:07 - 00000000 ____D C:\Users\Thomas Keune\Desktop\FRST-OlderVersion
2017-02-20 09:23 - 2017-02-22 21:11 - 00000000 ____D C:\Windows\Microsoft Antimalware
2017-02-20 09:02 - 2017-02-20 09:04 - 47683808 _____ (Microsoft Corporation) C:\Users\Thomas Keune\Downloads\Windows-KB890830-x64-V5.44.exe
2017-02-16 08:33 - 2017-02-16 08:49 - 00087426 _____ C:\TDSSKiller.3.1.0.12_16.02.2017_08.33.24_log.txt
2017-02-15 16:36 - 2017-02-15 16:41 - 00087434 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_16.36.49_log.txt
2017-02-15 16:32 - 2017-02-15 16:35 - 00010384 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_16.32.33_log.txt
2017-02-15 15:12 - 2017-02-15 16:32 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Thomas Keune\Desktop\tdsskiller.exe
2017-02-15 15:12 - 2017-02-15 15:13 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas Keune\Desktop\mbar-1.09.3.1001.exe
2017-02-15 09:25 - 2017-02-15 09:25 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\Chromium
2017-02-15 09:23 - 2017-01-20 19:39 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-02-15 09:23 - 2017-01-20 19:39 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-02-15 09:23 - 2017-01-20 19:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-02-15 09:23 - 2017-01-20 14:36 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-02-15 08:36 - 2017-02-15 10:52 - 253966464 _____ C:\Users\Thomas Keune\Downloads\avira_antivirus_de-de.exe
2017-02-15 08:34 - 2017-02-15 08:34 - 02983904 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_registry_cleaner_de(2).exe
2017-02-15 08:33 - 2017-02-15 12:24 - 02983904 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_registry_cleaner_de(1).exe
2017-02-14 22:24 - 2017-02-14 22:24 - 00681536 _____ (O&O Software GmbH) C:\Users\Thomas Keune\Downloads\OOSU10.exe
2017-02-14 21:02 - 2017-02-20 16:13 - 00084452 _____ C:\Users\Thomas Keune\Desktop\Addition.txt
2017-02-14 20:59 - 2017-02-22 21:42 - 00028141 _____ C:\Users\Thomas Keune\Desktop\FRST.txt
2017-02-14 20:58 - 2017-02-22 21:40 - 00000000 ____D C:\FRST
2017-02-14 17:49 - 2017-02-14 18:16 - 00000000 ____D C:\ProgramData\Emsisoft
2017-02-14 17:49 - 2017-02-14 17:49 - 00000901 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-02-14 17:48 - 2017-02-22 21:33 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-02-14 17:45 - 2017-02-14 17:48 - 242868632 _____ (Emsisoft Ltd. ) C:\Users\Thomas Keune\Downloads\EmsisoftAntiMalwareSetup(1).exe
2017-02-14 17:32 - 2017-02-14 17:32 - 00108673 _____ C:\Users\Thomas Keune\Desktop\EmsiClean_2017.02.14_17.32.26.txt
2017-02-14 17:31 - 2017-02-14 17:31 - 00641240 _____ (Emsisoft Ltd) C:\Users\Thomas Keune\Desktop\emsiclean.exe
2017-02-14 16:51 - 2017-02-14 16:51 - 00000000 __SHD C:\found.001
2017-02-14 15:38 - 2017-02-14 16:00 - 242868632 _____ (Emsisoft Ltd. ) C:\Users\Thomas Keune\Downloads\EmsisoftAntiMalwareSetup.exe
2017-02-14 10:31 - 2017-02-14 10:31 - 04713984 _____ (Geza Kovacs) C:\Users\Thomas Keune\Downloads\unetbootin-windows-625.exe
2017-02-14 10:07 - 2017-02-20 16:49 - 00000000 ____D C:\ProgramData\Lavasoft
2017-02-14 10:07 - 2017-02-14 10:15 - 702468096 _____ C:\Users\Thomas Keune\Downloads\rescue916-system.iso
2017-02-14 09:35 - 2017-02-14 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-02-14 09:31 - 2017-02-14 09:31 - 00000000 __RHD C:\MSOCache
2017-02-14 08:55 - 2017-02-15 09:24 - 00003884 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-15 09:23 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-15 09:23 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-15 09:23 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-15 09:23 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-15 09:23 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:54 - 2017-02-14 08:54 - 00002170 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2017-02-14 08:54 - 2017-01-20 15:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-14 08:53 - 2017-02-14 08:53 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-14 08:53 - 2017-01-20 17:38 - 00514616 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-02-14 08:53 - 2017-01-20 17:38 - 00420408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-02-14 08:53 - 2017-01-20 16:13 - 00548800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-14 08:53 - 2017-01-20 16:13 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-14 08:53 - 2017-01-20 15:07 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-14 08:53 - 2016-12-16 01:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-14 08:53 - 2016-12-16 01:33 - 00266528 _____ C:\Windows\system32\vulkan-1.dll
2017-02-14 08:53 - 2016-12-16 01:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-14 08:53 - 2016-12-16 01:32 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-14 08:50 - 2017-01-24 01:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 28239928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 04079032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 03597640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-14 08:50 - 2017-01-20 17:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-14 08:46 - 2017-02-14 09:01 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_isec0_58a2b5e13e36d__wsd.exe
2017-02-14 08:34 - 2017-02-14 08:34 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-02-14 08:33 - 2017-02-14 08:46 - 398382600 _____ (NVIDIA Corporation) C:\Users\Thomas Keune\Downloads\378.49-desktop-win10-64bit-international-whql.exe
2017-02-14 08:27 - 2017-02-14 08:28 - 00739392 _____ (Oracle Corporation) C:\Users\Thomas Keune\Downloads\JavaSetup8u121.exe
2017-02-14 08:24 - 2017-02-14 08:23 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-02-14 08:21 - 2017-02-14 08:21 - 01181390 _____ C:\Users\Thomas Keune\Documents\cc_20170214_082136.reg
2017-02-13 22:43 - 2017-02-14 08:54 - 00000000 ____D C:\Windows\LastGood
2017-02-13 21:53 - 2017-02-13 21:53 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\Thomas Keune\Downloads\flashplayer24au_ha_install(1).exe
2017-02-13 21:52 - 2017-02-13 22:11 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-02-13 21:19 - 2017-02-13 21:27 - 00000000 ____D C:\Users\Thomas Keune\Downloads\CHIP_Update_Pack_Windows_10_64_Bit_Jan
2017-02-13 20:21 - 2017-02-13 21:19 - 160718565 _____ C:\Users\Thomas Keune\Downloads\CHIP_Update_Pack_Windows_10_64_Bit_Jan.zip
2017-02-13 16:14 - 2017-02-13 16:14 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-13 13:33 - 2017-02-13 13:33 - 00000000 ___HD C:\$SysReset
2017-02-10 08:41 - 2017-02-15 09:23 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-03 18:55 - 2017-02-03 19:24 - 63184896 _____ C:\Users\Thomas Keune\Downloads\calibre-2.78.0.msi
2017-02-03 14:58 - 2017-02-03 14:58 - 00035784 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2017-02-03 09:06 - 2017-02-03 09:06 - 00000000 ____D C:\Users\Thomas Keune\Downloads\MediathekView-13.0.1
2017-02-03 09:05 - 2017-02-03 09:05 - 27674457 _____ C:\Users\Thomas Keune\Downloads\MediathekView-13.0.1.zip
2017-01-31 21:15 - 2017-01-31 21:15 - 00082348 _____ C:\Users\Thomas Keune\Downloads\CheapTickets.de - E-ticket CDE-3125487.zip
2017-01-31 21:15 - 2017-01-31 21:15 - 00042295 _____ C:\Users\Thomas Keune\Downloads\CheapTickets.de - Bestätigung Ihrer Reservierung CDE-3125487.zip
2017-01-31 21:11 - 2017-01-31 21:11 - 00050990 _____ C:\Users\Thomas Keune\Downloads\JP793, FRA-TIA, 17NOV16, 08_55, GTB59, S13A, Mobile Boarding Pass.zip
2017-01-28 11:16 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-28 11:16 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-26 11:31 - 2017-01-26 11:31 - 01995824 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437667.dll
2017-01-26 11:31 - 2017-01-26 11:31 - 01600048 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437667.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-22 21:40 - 2016-10-14 03:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-22 21:37 - 2016-11-07 11:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 21:36 - 2016-11-22 15:29 - 00000000 ____D C:\Users\Thomas Keune\AppData\LocalLow\Mozilla
2017-02-22 21:33 - 2012-04-15 16:43 - 00000000 ____D C:\Users\Thomas Keune\AppData\Roaming\JFritz
2017-02-22 21:33 - 2011-12-29 14:27 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\FreePDF_XP
2017-02-22 21:32 - 2014-10-25 13:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-22 21:29 - 2016-10-14 04:07 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-22 21:29 - 2016-10-14 03:29 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-22 21:15 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-02-22 12:02 - 2016-07-16 07:04 - 01310720 _____ C:\Windows\system32\config\BBI
2017-02-22 07:04 - 2016-10-21 15:11 - 00000000 ____D C:\Windows\Minidump
2017-02-22 07:04 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-21 20:54 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\NDF
2017-02-21 18:37 - 2011-12-24 10:35 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\FRITZ!
2017-02-21 06:53 - 2015-02-14 12:52 - 00000000 ____D C:\Users\Thomas Keune\Documents\Visaanträge
2017-02-21 05:59 - 2014-01-14 06:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-21 05:55 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-21 05:52 - 2014-05-30 08:36 - 00000000 ____D C:\Windows\PixArt
2017-02-20 23:05 - 2011-12-27 09:00 - 00000000 ____D C:\Users\Thomas Keune\AppData\Roaming\DVDVideoSoft
2017-02-20 22:27 - 2011-12-25 13:19 - 00000000 ____D C:\Users\Thomas Keune\Documents\Calibre Library
2017-02-20 19:49 - 2016-09-20 20:02 - 00000000 ____D C:\Users\Thomas Keune\Documents\Scheidung-Alida
2017-02-20 18:03 - 2013-04-07 09:21 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\CrashDumps
2017-02-20 16:33 - 2014-01-14 06:58 - 00000000 ____D C:\Users\Thomas Keune\Desktop\mbar
2017-02-20 09:38 - 2011-03-14 15:08 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-19 21:24 - 2016-12-13 20:18 - 00000000 ____D C:\Users\Thomas Keune\Documents\Sicherung VR-Networld
2017-02-19 21:24 - 2011-12-23 20:07 - 00000000 ____D C:\Users\Public\Documents\VR-NetWorld
2017-02-19 20:00 - 2016-01-02 06:52 - 00000000 ____D C:\Users\Thomas Keune\Documents\Bestellungen
2017-02-19 19:10 - 2016-11-09 01:17 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-15 13:44 - 2016-11-06 18:29 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-15 13:34 - 2016-03-13 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-15 13:34 - 2015-12-30 11:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-15 13:34 - 2014-11-01 17:24 - 00000000 ____D C:\Users\Thomas Keune\AppData\Roaming\Avira
2017-02-15 11:59 - 2016-07-16 07:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-02-15 11:58 - 2014-01-13 06:43 - 00000000 ____D C:\Windows\pss
2017-02-15 09:27 - 2016-07-16 23:51 - 01275756 _____ C:\Windows\system32\perfh007.dat
2017-02-15 09:27 - 2016-07-16 23:51 - 00321052 _____ C:\Windows\system32\perfc007.dat
2017-02-15 09:27 - 2016-01-06 20:25 - 02965156 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-15 09:26 - 2015-03-22 15:30 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\NVIDIA
2017-02-15 09:25 - 2016-10-14 03:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-15 09:25 - 2015-03-22 15:31 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\NVIDIA Corporation
2017-02-15 09:25 - 2015-03-22 15:30 - 00001449 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-15 09:23 - 2016-10-14 03:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-15 07:49 - 2016-03-22 11:41 - 00000424 _____ C:\Users\Thomas Keune\Desktop\Dieser PC - Verknüpfung.lnk
2017-02-15 07:20 - 2012-10-06 15:01 - 00000000 ____D C:\Users\Thomas Keune\MEDION NAS TOOL
2017-02-14 17:49 - 2013-08-19 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-02-14 17:16 - 2016-10-14 03:38 - 00000000 ____D C:\Users\Thomas Keune
2017-02-14 14:33 - 2016-07-14 20:03 - 00000000 ____D C:\Users\Thomas Keune\Documents\alida@keune.info
2017-02-14 09:45 - 2016-10-14 03:29 - 00399824 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-14 08:54 - 2015-03-22 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-14 08:43 - 2016-04-09 17:44 - 04734128 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_avpn0_570931d1a801d__ws.exe
2017-02-14 08:42 - 2016-04-15 07:21 - 04734128 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_ispm0_3017605605_6e4tda59yy4v1w5mn34a_wd.exe
2017-02-14 08:42 - 2014-10-23 14:38 - 168004048 _____ C:\Users\Thomas Keune\Downloads\avira_antivirus_pro_de.exe
2017-02-14 08:37 - 2013-12-18 09:58 - 00000000 ____D C:\ProgramData\Oracle
2017-02-14 08:34 - 2013-12-18 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-14 08:33 - 2011-12-25 22:15 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-14 08:23 - 2016-11-06 20:55 - 00000000 ____D C:\Program Files\Java
2017-02-14 08:23 - 2016-02-04 16:09 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-02-13 23:02 - 2016-11-06 16:44 - 04479640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_asu60_581f4fd2262c1__ws.exe
2017-02-13 23:01 - 2016-11-06 19:19 - 04479640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_issudl_581f4fd2262c1__wsd.exe
2017-02-13 22:40 - 2016-04-15 07:29 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\Avira
2017-02-13 21:30 - 2011-12-26 10:12 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\ElevatedDiagnostics
2017-02-13 21:29 - 2016-11-08 20:35 - 00000006 _____ C:\ScrubRetValFile.txt
2017-02-13 21:16 - 2015-10-30 19:44 - 00000000 ____D C:\Windows\ShellNew
2017-02-13 16:14 - 2016-10-14 04:26 - 00000000 ___DC C:\Windows\Panther
2017-02-13 16:08 - 2016-10-14 04:09 - 00001908 _____ C:\Windows\diagwrn.xml
2017-02-13 16:08 - 2016-10-14 04:09 - 00001908 _____ C:\Windows\diagerr.xml
2017-02-13 16:04 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-13 13:46 - 2016-11-22 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-13 13:46 - 2012-05-04 03:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-12 19:56 - 2016-10-14 03:38 - 00000000 ____D C:\Users\DefaultAppPool
2017-02-12 19:51 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\registration
2017-02-12 18:28 - 2011-12-26 13:36 - 00000000 ____D C:\Users\Thomas Keune\Desktop\Briefe
2017-02-11 14:32 - 2016-12-01 08:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-11 14:03 - 2013-05-19 13:08 - 00000000 ____D C:\Users\Thomas Keune\Desktop\Alte Firefox-Daten
2017-02-10 18:42 - 2016-11-06 10:53 - 00000000 ____D C:\Users\Thomas Keune\Downloads\Musik
2017-02-03 19:59 - 2012-01-21 12:20 - 00000000 ____D C:\Users\Thomas Keune\Documents\Briefe
2017-02-03 19:26 - 2016-11-14 08:37 - 00000000 ____D C:\Program Files (x86)\Calibre2
2017-02-03 19:26 - 2015-07-03 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2017-02-03 19:26 - 2014-01-18 10:33 - 00000993 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2017-02-03 09:07 - 2014-02-17 09:42 - 00000000 ____D C:\Users\Thomas Keune\.mediathek3
2017-01-31 20:02 - 2016-11-06 10:44 - 00000935 _____ C:\Users\Thomas Keune\Desktop\Video Downloader Ultimate.lnk
2017-01-31 20:02 - 2016-11-06 10:44 - 00000000 _____ C:\Users\Thomas Keune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader Ultimate.lnk
2017-01-24 01:00 - 2015-04-16 19:03 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-01-24 01:00 - 2015-04-16 07:19 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-26 19:41 - 2015-12-30 11:29 - 0000000 _____ () C:\Users\Thomas Keune\AppData\Roaming\Basic Synth
2012-04-15 16:43 - 2013-01-14 10:51 - 0000000 _____ () C:\Users\Thomas Keune\AppData\Roaming\JFritz.lock
2012-01-26 12:08 - 2012-01-26 12:08 - 0033134 _____ () C:\Users\Thomas Keune\AppData\Roaming\UserTile.png
2014-10-26 17:51 - 2017-01-02 14:58 - 0003584 _____ () C:\Users\Thomas Keune\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-22 13:03 - 2015-11-22 13:03 - 0000036 _____ () C:\Users\Thomas Keune\AppData\Local\housecall.guid.cache
2017-01-02 23:01 - 2017-01-02 23:01 - 0000600 _____ () C:\Users\Thomas Keune\AppData\Local\PUTTY.RND
2015-04-27 12:44 - 2015-04-27 12:44 - 0002065 _____ () C:\Users\Thomas Keune\AppData\Local\recently-used.xbel
2012-10-11 08:33 - 2016-05-10 05:58 - 0000040 ___SH () C:\ProgramData\.zreglib
2013-02-25 18:01 - 2013-02-25 18:01 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-10-14 03:32 - 2016-10-14 03:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-01-22 12:40 - 2016-11-07 07:42 - 0006058 _____ () C:\ProgramData\hpzinstall.log
2014-01-26 19:41 - 2015-12-30 11:29 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-01-26 19:42 - 2015-12-30 11:28 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2014-01-26 19:42 - 2016-11-08 19:52 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2014-01-26 19:42 - 2016-11-08 19:52 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT

ZeroAccess:
C:\Users\Thomas Keune\AppData\Local\13d278f4

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Thomas Keune\fritzDummy.reg


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-15 08:07

==================== Ende von FRST.txt ============================

OhSchreck! · 22.02.2017, 21:55

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-02-2017 01
durchgeführt von Thomas Keune (22-02-2017 21:43:11)
Gestartet von C:\Users\Thomas Keune\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-14 03:12:07)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4016997756-889063991-563976297-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4016997756-889063991-563976297-503 - Limited - Disabled)
Gast (S-1-5-21-4016997756-889063991-563976297-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4016997756-889063991-563976297-1002 - Limited - Enabled)
Thomas Keune (S-1-5-21-4016997756-889063991-563976297-1000 - Administrator - Enabled) => C:\Users\Thomas Keune

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
8000A809 (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_eDocs (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AKVIS Magnifier (HKLM-x32\...\{9FDD51C9-F7AA-40AF-A4FF-0500E45E4A06}) (Version: 5.5.967.8527 - AKVIS)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AVM FRITZ!Box Monitor (HKLM-x32\...\AVMFBoxMonitor) (Version:  - AVM Berlin)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AVM FRITZ!vox (HKLM-x32\...\AVMFBoxAnswerMachine) (Version:  - AVM Berlin)
AVM ISDN TAPI Services for CAPI (HKLM-x32\...\AVM ISDN TAPI Services) (Version:  - )
BMWi-Businessplaner Gründung (HKLM-x32\...\BMWiBusinessplanerGruenden) (Version: 1.0.1 - UNKNOWN)
BMWi-Businessplaner Gründung (x32 Version: 1.0.1 - UNKNOWN) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{BDE6D02A-86B7-4D4C-8248-7705C1C0CC79}) (Version: 2.78.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMPUTER BILD Spionage-Stopper 2017 für Windows 10 (HKLM-x32\...\{F9565211-5480-408D-BC7C-1FE7B8366ACE}_is1) (Version: 2.0.0.1 - pXc-coding.com)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3726 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Telefonbuch Deutschland (HKLM-x32\...\DasTelefonbuch Deutschland) (Version:  - TVG Telefonbuch- und Verzeichnisverlag GmbH & Co. KG)
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Dropbox Update Helper (x32 Version: 1.3.51.1 - Dropbox, Inc.) Hidden
Duden-Rechtschreibprüfung (HKLM-x32\...\{BF420B0C-DD5B-4ACD-AD7A-CB8F25CA0D2F}) (Version: 8.0 - Bibliographisches Institut GmbH)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.4.20130909 - Landesfinanzdirektion Thüringen)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.1 - Emsisoft Ltd.)
Erinnerung 2.1.0  (HKLM-x32\...\Erinnerung) (Version: 2.1.0 - Paul Finkler)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.23.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.23.0.2 - Tim Kosse)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gelbe Seiten Deutschland (HKLM-x32\...\Gelbe Seiten Deutschland) (Version:  - )
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.02) (Version: 9.02 - Artifex Software Inc.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iBackupBot for iTunes 3.6.5 (HKLM-x32\...\iBackupBot for iTunes) (Version: 3.6.5 - VOWSoft, Ltd.)
iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
InfoPrint AFP Workbench Viewer (HKLM-x32\...\{EE899171-9FBD-4650-A1C2-A937342B57A9}) (Version: 2.05.04.01 - InfoPrint Solutions Company)
InfoPrint AFP Workbench Viewer (x32 Version: 2.05.04.01 - InfoPrint Solutions Company) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Network Connections 17.4.95.0 (HKLM\...\PROSetDX) (Version: 17.4.95.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTunes (HKLM\...\{2C49F336-2E86-4407-83E2-16AC65598EF4}) (Version: 12.5.3.16 - Apple Inc.)
Java 2 SDK Standard Edition v1.2.2_017 (HKLM-x32\...\Java 2 SDK Standard Edition v1.2.2_017) (Version:  - )
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180710}) (Version: 8.0.710.15 - Oracle Corporation)
Java(TM) SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JFritz 0.7.5 Rev. 23 (HKLM-x32\...\{AF5B3ED5-70D3-48CF-A00F-FC29F5261A37}_is1) (Version:  - JFritz Team)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version:  - MEDION)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Micrografx Picture Publisher 10 (HKLM-x32\...\{04AABF6D-55C5-4779-ABF9-992016E913A2}) (Version: 1.0.0.0 - Micrografx, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSYS2 64bit (HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\{495974d3-70a1-4ee2-8469-589be4831f36}) (Version: 20161025 - The MSYS2 Developers)
Music Recorder (HKLM-x32\...\{DFC20C50-021D-49CA-9790-D608B12722DB}) (Version: 14.1.7200.0 - Audials AG)
Nero CoverDesigner 2017 (HKLM-x32\...\{29102D23-A61D-48BC-876D-449BF9937B62}) (Version: 18.0.00900 - Nero AG)
NetObjects Fusion 12.0 (HKLM-x32\...\{4D15B53C-DACF-4548-929D-137F7FA1B39B}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041 - NetObjects) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NirSoft VideoCacheView (HKLM-x32\...\NirSoft VideoCacheView) (Version:  - )
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\CopyTrans Suite) (Version: 4.002 - WindSolutions)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Paragon Festplatten Manager™ 2012 Kompakt (HKLM-x32\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Architect 2 View Module (HKLM-x32\...\{3DA20A12-AD9F-4A75-8A6F-5204EEB94359}) (Version: 2.0.5.16319 - pdfforge GmbH)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PhotoFiltre 7 (HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\PhotoFiltre 7) (Version:  - )
Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.092 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polaroid Dust and Scratch Removal v1.0.0.15.2e (HKLM-x32\...\{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}) (Version: Polaroid Polaroid Dust and Scratch Removal v1.0.0.15.2e - Polaroid Corporation)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 18.0.0003 - Nero AG) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Readiris Pro 15 (HKLM-x32\...\{04C206EA-E327-4291-B54F-65EF89D94B3A}) (Version: 15.01.6224 - I.R.I.S.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 9.0.3.168 - Recover Keys)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Rx Compensator (HKLM-x32\...\ST6UNST #1) (Version:  - )
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version:  - )
Security-Plugins-Chipcard (HKLM-x32\...\SecurityPluginsChipcard) (Version: 2.6.4.0 - PPI AG, Hamburg, Germany)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
SmartDraw 2013 (HKLM-x32\...\SmartDraw 2013) (Version:  - SmartDraw, LLC)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.86.105304 - SugarSync, Inc.)
SUPER (C) v2016.Build.70+3D+Recorder Version released on (2016/ (HKLM-x32\...\{FF00DB05-B936-4B9A-B41B-1780A23D6050}_is1) (Version: released on (2016/12/15), - eRightSoft)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
System Requirements Lab for Intel (HKLM-x32\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
Telescope Driver (HKLM-x32\...\{B2920232-19DA-44FC-835F-68E427EAE2CE}) (Version: 10.30.09 - PixArt)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
Video DVD Maker v3.32.0.80 (HKLM-x32\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version:  - )
VideoDownloaderUltimate (HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.98 - Link64)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WinAVI iPhone Data Recovery (HKLM-x32\...\WinAVI iPhone Data Recovery) (Version: 1.2.0.1085 - WinAVI Software Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Winmail Opener 1.4 (HKLM-x32\...\Winmail Opener) (Version: 1.4 - Eolsoft)
zebNet® Backup for Thunderbird® Free Edition 1.0.1.0 (HKLM\...\{9286F0E0-0A38-4B3C-AB46-5DCC49A2E997}) (Version: 1.0.1.0 - zebNet® Ltd)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0093112F-88E6-45ED-BCAD-AF7548316A28} - System32\Tasks\{30F47FBD-E9AA-4830-82E7-A91F8A356A47} => C:\Users\Thomas Keune\Downloads\AdobeDownloadAssistant.exe 
Task: {0387743C-AF26-4336-88C9-BC4BBAB2116C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-20] (Microsoft Corporation)
Task: {04539A0F-7FB5-4F42-A848-8F192EB28D7B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {09450F48-8AAF-4ACD-A50F-D653784E7DA4} - System32\Tasks\{D642B5D6-EA45-4700-922F-E23876D3FB65} => pcalua.exe -a E:\FSetup.exe -d E:\
Task: {0C603520-E6AD-4055-996E-0CF570DF31BD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe 
Task: {0D09DC82-F70F-419F-9BC2-03F6032DAFA3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {0DCB9430-19AE-4A3D-8CE8-BA5E643E92F6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {0F973C20-8635-4934-A736-5FEBCB8A2CB6} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {13F1A64F-86BF-4734-AA03-E99DD16E3D88} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {1747F6FA-A083-4959-B97D-876863E794B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {182A9598-E490-412D-A219-AA2F3FC3C11A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {189877C2-B588-49E0-A7C8-41D10F0EDE8D} - System32\Tasks\{FDDA34B2-8198-4284-9B20-F7BAF40CFEDB} => pcalua.exe -a "C:\Users\Thomas Keune\Downloads\PinnacleInstantDVDRecorderSetup_2.6.1.127.exe" -d "C:\Program Files (x86)\Mozilla Thunderbird"
Task: {19895852-25E1-412D-9DE9-BAED34BFBBCF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {19C81672-4514-45F8-8774-0E0E7C195871} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {1FA05CAE-505C-4156-9F8E-784B02CFF4C6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {22A79C0A-5A05-48A6-8DA0-37E118EA352E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {2D44F6A2-874F-4D7A-AFB5-CB43B0685B17} - System32\Tasks\{DAB1E480-3AD5-4504-87BC-FF354AD1C780} => pcalua.exe -a "C:\Users\Thomas Keune\Downloads\TAPI_Services_for_CAPI_02.03.01_Deutsch(2).exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2DECBEC1-4174-4022-A7B5-3B002C60F230} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {3098B355-30B4-43C8-8A3B-5365B996B33E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {32393DCB-3FBA-4600-8FDE-6B8EBB4FDEF8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {32AAD558-1F1F-485B-BC7E-8A13025209D2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {35DB159B-E719-4F8F-985E-3BFDC4F09474} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {3B905FB9-A4C0-4A37-9811-7181F380B671} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {3E563C68-3A90-46C5-9894-075027184440} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {40AE0875-6A3A-4187-A791-4A516200E8F6} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe 
Task: {433E3C53-9AA2-4D67-8F3F-DEB070589A33} - System32\Tasks\{329A0C86-ED7D-4E05-976B-6F2749FECAB9} => pcalua.exe -a "C:\Users\Thomas Keune\Downloads\ipsafpwb.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {47C5A85C-370A-4159-B991-CF8B1C126060} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {51F93248-2E61-4D5B-840C-B5BEE104930A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe 
Task: {5579EFB0-AF64-41DC-9CD2-2F996E5BD3BF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {58D8B644-6E26-4F1F-9230-E9B75F8E6CEB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {5930BCBE-C3A4-443F-BE59-A83F6BC676F5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {5CCB5A8B-D7AA-42DA-8CA7-325542EF34DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5E97DC8F-37A7-458F-B904-651ABB5F351E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {66F7007C-23BB-41D5-88FE-CF9A316CB5EC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {6766C32A-9A74-439E-9304-B0C1C15BED4F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {67CB22B4-F086-4383-B13D-E94C730B2103} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {7266853E-A3EF-459A-A0A6-1C6D22458251} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe 
Task: {72B5E694-FF35-4EAC-A046-0255788C68A4} - System32\Tasks\hpUrlLauncher.exe_{7E5FE76F-C2EE-43C4-8219-B358A2EE7A7D} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe 
Task: {7874B0A5-0BA3-426C-B6EB-1856A0E0B290} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {7BB6079C-046C-4BC4-81A1-08C7348655ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7FD2BD48-7BA5-403E-97DF-74B6F95114F0} - kein Dateipfad
Task: {7FF5F145-A3F7-45FF-962E-CE306A7B6AE2} - System32\Tasks\{7BCECF0B-5759-4206-8FD1-B99820F1F36B} => pcalua.exe -a "C:\Users\Thomas Keune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FEMJGEKP\avira_antivirus_premium_de.exe" -d "C:\Users\Thomas Keune\Desktop"
Task: {802CE256-8C02-420C-89E8-2668DC9A7500} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {8153B878-09A6-462E-8799-1982C9CA672C} - System32\Tasks\{3DADCE68-CE29-4E5D-832B-82476A712850} => pcalua.exe -a "C:\Users\Thomas Keune\Downloads\Install_CopyTrans_Suite.exe" -d "C:\Users\Thomas Keune\Downloads"
Task: {83958D56-FCA1-4A3C-B097-8D2C9AE2D185} - System32\Tasks\{54B05DA1-AEBC-4B06-9313-2976C9FFDBF2} => C:\Users\Thomas Keune\Downloads\AdobeDownloadAssistant.exe 
Task: {85DE3961-A449-47F3-A07D-CC0C7581A457} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {8673C3EC-74BC-4BB0-8D80-A9CCB81579A0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {9084FBAE-B621-470F-94BB-C41175A8BE60} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {9F157C3B-30B9-4B3D-8491-D4B139839E80} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {A0A7E08F-1B02-40AA-A725-93FA18344624} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {A33913F9-8774-4BD8-8AB2-4DEDF30616B7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe 
Task: {A3600956-51E6-4A6C-AA75-791CEB3003C6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {ADB74AA7-7A4F-4807-B8ED-ABF3153BB0D4} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {AEC12B02-FE0F-4D2B-B3DB-2FADBE21D255} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {AEF9CE6F-450B-4B31-BA3C-49A01002501E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B34F94EC-19DD-45E9-A521-C0CFA01CA7D1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {B591A7EF-4CF8-4531-8FDB-2C18CB39ECDF} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {B5B16780-1FFC-4563-855D-FD8E4E4D78FF} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe 
Task: {B9DE770B-4E29-4D63-AFD1-7459E91B5FF4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {BC3F5B30-E1CD-4F47-B936-E977AFD41F11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {BDB65469-DA1B-46BD-971C-13392055ADD5} - System32\Tasks\{2E82D357-A251-4790-899F-47464FEFD543} => pcalua.exe -a "C:\Program Files (x86)\REINER SCT\cyberJack\SetupZkaSig.exe" -c /d
Task: {C1A5909A-2597-467A-8A2E-B7E05E6C7139} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {D1289271-4823-4891-853D-858DDE75E444} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {D955AFC3-9C15-4CAD-9EDB-3E510FCED431} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-28] (Adobe Systems Incorporated)
Task: {DC2A1FE1-85B4-4163-B1E6-740AF21B4BA3} - System32\Tasks\{0DCEE5B7-A88F-4328-8395-2C19EAF6E9E7} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {DF9251A9-DED0-459C-B5B5-FE1C13B56D91} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {EB5FF3C0-223F-4C93-8021-536FC6CCB006} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {EBCA6BE0-93D7-4BB1-A692-3A5C12C807D2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {ECD598FA-804D-4DC8-9EC7-245939254043} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {EE96219E-0F3D-46B3-98E0-04C79F77CC7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EF6381FD-6139-4481-AE36-A7A6DB4D3029} - System32\Tasks\{4D10A259-15B0-45A4-BF14-755D0970BDA6} => pcalua.exe -a "C:\Program Files (x86)\JAR2EXE Converter\JAR2EXE Converter.exe"
Task: {FBB20570-BF1E-407B-8E8F-681182187B47} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {FBDAD67B-1BEE-4212-BE2A-1E877C1FA30E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {FF816E96-1B9D-42E4-A663-934AADE5F6C3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 22:08 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-02-14 08:53 - 2017-01-20 16:13 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-12-24 10:33 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2011-12-24 10:33 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2011-12-29 14:22 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2017-02-14 08:55 - 2017-01-20 19:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-14 08:55 - 2017-01-20 19:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-14 22:08 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-10-14 15:37 - 2016-10-14 15:37 - 00959168 _____ () C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-10-14 04:18 - 2016-10-14 04:18 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-17 16:14 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-17 16:14 - 2016-12-21 08:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-17 16:13 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-17 16:13 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-17 16:13 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-17 16:13 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-17 16:13 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-17 16:14 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-13 11:40 - 2015-02-09 12:36 - 00401256 _____ () C:\Program Files (x86)\TVG\OnlineUpdate\OnlineUpdateSvc.exe
2016-07-01 03:39 - 2016-07-01 03:39 - 04535192 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe
2015-04-02 08:47 - 2017-01-20 19:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-14 08:55 - 2017-01-20 19:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-14 08:55 - 2017-01-20 19:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2012-12-17 22:48 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00049424 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\boost_thread-vc90-mt-1_39.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00048400 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\boost_date_time-vc90-mt-1_39.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00068504 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\CrashRpt.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00618256 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\boost_regex-vc90-mt-1_39.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00544152 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\StreamingClient.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00016144 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\boost_system-vc90-mt-1_39.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 00340992 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Utils\68fc17d6e5e7d2bad7b18b8d60806540\Utils.ni.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 00549888 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ManagedInterfaces\9806b0667678a0d6f857efbcafc11565\ManagedInterfaces.ni.dll
2016-12-03 07:57 - 2016-12-03 07:57 - 04722176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\AudialsComponents\79ddd0a4f5f325c9e61636c71a93758a\AudialsComponents.ni.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 00774144 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\RSControls\2e161c2bf58a80553d92547040617e0d\RSControls.ni.dll
2016-12-16 07:10 - 2016-12-16 07:10 - 00177664 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\fastJSON\8d604d7d5af9a724226a7eda8729d695\fastJSON.ni.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 00062464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\CrashHandlerNET\a68af5e6e5d69b9e255d6b41d82c7688\CrashHandlerNET.ni.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00040856 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\CrashHandlerNET.dll
2016-01-06 21:02 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-06 21:02 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-06 21:02 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-02-14 08:55 - 2017-01-20 14:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-02-14 08:55 - 2017-01-20 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-02-14 08:55 - 2017-01-20 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-02-14 08:55 - 2017-01-20 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-02-14 08:55 - 2017-01-20 14:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-02-14 08:55 - 2017-01-20 14:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-02-14 08:55 - 2017-01-20 14:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-02-15 09:24 - 2017-01-20 14:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-10-14 15:37 - 2016-10-14 15:37 - 00679624 _____ () C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:31D9EFCC [286]
AlternateDataStreams: C:\ProgramData\Temp:58DD92AC [133]
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [112]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 17.20.45.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 17.21.00.jpg:com.dropbox.attributes [1230]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 18.00.08.jpg:com.dropbox.attributes [1236]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 18.00.15.jpg:com.dropbox.attributes [1240]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 18.00.39.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 18.00.45.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.29.06.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.29.21.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.29.23.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.41.48.jpg:com.dropbox.attributes [621]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.41.55.jpg:com.dropbox.attributes [1236]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.45.38.jpg:com.dropbox.attributes [1244]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.03.10.jpg:com.dropbox.attributes [1240]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.03.12.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.15.47.jpg:com.dropbox.attributes [619]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.16.02.jpg:com.dropbox.attributes [1240]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.16.17.jpg:com.dropbox.attributes [1236]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.27.22.jpg:com.dropbox.attributes [1232]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.27.29.jpg:com.dropbox.attributes [1240]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.27.32.jpg:com.dropbox.attributes [1230]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.27.35.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.28.07.jpg:com.dropbox.attributes [1234]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.31.26.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.31.37.jpg:com.dropbox.attributes [1234]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.31.47.jpg:com.dropbox.attributes [1244]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.31.54.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.36.15.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.36.21.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.40.31.mov:com.dropbox.attributes [1190]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 23.05.08.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-20 21.07.42.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-20 21.19.45.jpg:com.dropbox.attributes [1194]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-20 21.19.47.jpg:com.dropbox.attributes [1196]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-21 14.42.37.jpg:com.dropbox.attributes [1246]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-21 14.48.20.jpg:com.dropbox.attributes [1246]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-22 14.29.15.png:com.dropbox.attributes [1198]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-22 14.30.28.png:com.dropbox.attributes [1192]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-24 21.32.51.jpg:com.dropbox.attributes [1248]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-26 21.16.14.jpg:com.dropbox.attributes [1244]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7916 mehr Seiten.

IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\123simsen.com -> www.123simsen.com

Da befinden sich 7917 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2016-11-06 20:33 - 00452679 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1	localhost127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com
127.0.0.1	www.123moviedownload.com

Da befinden sich 15559 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4016997756-889063991-563976297-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: NAUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Erinnerung.lnk => C:\Windows\pss\Erinnerung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk => C:\Windows\pss\t@x aktuell.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk => C:\Windows\pss\VR-NetWorld Auftragsprüfung.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVMFBoxMonitor => "C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: daCAPI => "C:\Program Files (x86)\daCAPI\daCAPI.exe" /auto
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Duden Korrektor SysTray => C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: InstallManager => E:\st.exe /CONT
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PAC7302_Monitor => C:\Windows\PixArt\PAC7302\Monitor.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SmartCallMonitor => C:\Program Files (x86)\JAM Software\SmartCallMonitor\SmartCallMonitor.exe
MSCONFIG\startupreg: SugarSync => "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
HKLM\...\StartupApproved\StartupFolder: => "FriFax32 - Verknüpfung.lnk"
HKLM\...\StartupApproved\StartupFolder: => "JFritz.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Das Telefonbuch Browserlösung.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "%RunKey%"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{0552A074-95A6-47FD-93DB-AB44431A4D33}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe] => (Allow) C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe
FirewallRules: [TCP Query User{4B20D3EA-56D2-408F-B2ED-46F4F0669EF2}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe] => (Allow) C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe
FirewallRules: [UDP Query User{12414602-D1BA-4CF8-9AFC-89DB3FB9E2EC}C:\program files (x86)\fritz!\friver32.exe] => (Allow) C:\program files (x86)\fritz!\friver32.exe
FirewallRules: [TCP Query User{BE79240E-911B-4C91-8E3F-515CD7C5E024}C:\program files (x86)\fritz!\friver32.exe] => (Allow) C:\program files (x86)\fritz!\friver32.exe
FirewallRules: [{210729ED-99B3-4C90-8567-2B75CF337CA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E407A13E-D977-413C-81D4-3F3E776DDEC4}] => (Allow) LPort=2869
FirewallRules: [{8204DEB6-CCBD-43D4-8BD2-29407734ABCB}] => (Allow) LPort=1900
FirewallRules: [{BEEF6954-2D8E-4FEA-8399-8DDA2BF376D9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D96192B3-5EC4-4A94-92EB-7284B635724C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{0CAC57E3-D2EC-4A1B-A10B-6126858B047C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{802328A3-C5C6-4C5A-A624-CAA584D9B00A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C05C195A-3B3D-4498-B7DD-1705A1EBCFFE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6B27F1D1-1CE4-42B6-A11F-6FD9193821C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{272E7C97-E477-4AD7-85BC-9B13839FBEFB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{B80BD926-62EB-457A-9A61-9EB6A3F906A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{2212748C-092D-49EB-9691-94AFEF7E4B1A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{69A0757C-178D-43D6-940D-1C8AE9F9C84F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{FE016203-2EE2-43BA-A1EF-C35DD9E845D5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{42DDCF1E-0861-45AB-939C-224C2A3B7FDB}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{2A934D67-CC63-4E99-8918-0CEC71005391}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [UDP Query User{1056B8D7-9419-4FBB-BF2B-96553CD7F05F}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [TCP Query User{2DD32AF0-1802-4DE4-9672-266FCDB58D43}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [UDP Query User{F4C119E6-5B66-45CD-9B89-B9B40880DBA7}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [{F9AC49DD-3E25-47C9-86D7-98A9B2ECA668}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5FB97470-5AF2-452A-A990-562D9946DF2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{90A396C5-3F74-4CC2-94CE-3FD577352531}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BB337C31-DB05-483A-BBBE-C49B0C666E4E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BACBBFF4-ECD1-4D02-B415-7147E04A9FD7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7B307F34-DD67-4989-B5E1-F171AD5E54DC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{313BE467-03ED-4665-8B41-116CEAB27115}C:\program files (x86)\fritz!vox\fritz!vox.exe] => (Allow) C:\program files (x86)\fritz!vox\fritz!vox.exe
FirewallRules: [UDP Query User{B996EFF6-8C05-4BE8-80A4-A4B4BB993E58}C:\program files (x86)\fritz!vox\fritz!vox.exe] => (Allow) C:\program files (x86)\fritz!vox\fritz!vox.exe
FirewallRules: [{C55D4605-46B6-4E5A-84F2-5FAD8DA8C9F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DBFB90B6-6F04-43D6-B010-BE6F07359244}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C05B2B38-910B-41D7-9067-AACE8430C136}] => (Allow) C:\Program Files (x86)\Music Recorder\Music Recorder 2016\Audials.exe
FirewallRules: [{ACC0478C-3F99-427E-AD0B-789EE107DB05}] => (Allow) LPort=12972
FirewallRules: [{88AA4E00-FF66-4222-B385-23822E05C8DB}] => (Allow) LPort=14714
FirewallRules: [{1E2FCD38-FB2E-4461-BA00-DA3A6E103D1E}] => (Allow) LPort=31931
FirewallRules: [TCP Query User{DF5E1045-28C1-4543-B43F-E6606DB3858A}C:\program files (x86)\medion\medion nas tool\medion nas tool.exe] => (Allow) C:\program files (x86)\medion\medion nas tool\medion nas tool.exe
FirewallRules: [UDP Query User{17556B1D-13FA-4B65-A8F2-37F1E220C6E3}C:\program files (x86)\medion\medion nas tool\medion nas tool.exe] => (Allow) C:\program files (x86)\medion\medion nas tool\medion nas tool.exe
FirewallRules: [{9B9999FB-DFD9-4C9B-8480-B59E8408A79A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{849E1D66-C46C-46BF-82E3-B48F836B2BA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{56EB73CB-1588-4EFC-9D8B-D7539ADE2A9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A549D9F8-4F94-466F-8D05-F52742BB01BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B9950044-453E-4F9C-A765-E0C789BCBF9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AA8A2C99-D58A-41E0-8EB5-692B0B285D62}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{7F1BB054-BBC3-4E25-BFED-195E98617235}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

19-02-2017 19:18:09 Windows Update
20-02-2017 17:04:47 JRT Pre-Junkware Removal
22-02-2017 11:45:13 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/22/2017 09:44:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/22/2017 09:43:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/22/2017 09:42:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/22/2017 09:41:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/22/2017 09:39:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/22/2017 09:38:44 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (3032) WebCacheLocal: Der Versuch, die Datei "C:\Users\Thomas Keune\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (02/22/2017 09:38:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/22/2017 09:37:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/22/2017 09:36:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/22/2017 09:35:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (02/22/2017 09:44:50 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/22/2017 09:43:47 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/22/2017 09:42:11 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/22/2017 09:41:08 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/22/2017 09:39:26 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/22/2017 09:38:23 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/22/2017 09:37:15 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/22/2017 09:36:12 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/22/2017 09:35:07 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/22/2017 09:34:05 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server


CodeIntegrity:
===================================
  Date: 2017-02-22 10:53:34.527
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-21 21:37:21.783
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-21 21:28:04.077
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-21 20:59:41.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-21 18:47:01.853
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-21 05:53:43.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-20 15:49:16.838
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-02-20 15:49:16.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-02-20 15:49:16.728
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-02-20 15:49:16.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz
Prozentuale Nutzung des RAM: 70%
Installierter physikalischer RAM: 4077.64 MB
Verfügbarer physikalischer RAM: 1183.16 MB
Summe virtueller Speicher: 8173.64 MB
Verfügbarer virtueller Speicher: 4112.61 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:1831.92 GB) (Free:1564.17 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:11.62 GB) NTFS
Drive f: (LessEfiBoot) (Removable) (Total:0.06 GB) (Free:0 GB) FAT
Drive k: (Backup) (Fixed) (Total:292.97 GB) (Free:225.31 GB) NTFS
Drive l: (Data) (Fixed) (Total:292.97 GB) (Free:91.9 GB) NTFS
Drive m: (Copy) (Fixed) (Total:292.97 GB) (Free:291.52 GB) NTFS
Drive n: (Siemens) (Fixed) (Total:292.97 GB) (Free:30.03 GB) NTFS
Drive o: () (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive p: (Schneider) (Fixed) (Total:225.39 GB) (Free:82.33 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 59ECDFB3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1831.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 27E9BFE8)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=OF Extended)

========================================================
Disk: 6 (Size: 3.8 GB) (Disk ID: 7C94265E)
Partition 1: (Active) - (Size=1.3 GB) - (Type=00)
Partition 2: (Not Active) - (Size=61 MB) - (Type=EF)

==================== Ende von Addition.txt ============================

Jetzt bin ich mal gespannt :-)

cosinus · 22.02.2017, 22:27

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM-x32\...\Run: [] => [X]
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll => Keine Datei
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-4016997756-889063991-563976297-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q=
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [mail@shopping-preise.de] - C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\mic35z32.default\extensions\mail@shopping-preise.de => nicht gefunden
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert]
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\zxjx6lop.default-1409585167823\extensions\cliqz@cliqz.com => nicht gefunden
S2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
S3 cpuz139; \??\C:\Users\THOMAS~1\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [X] <==== ACHTUNG
Task: {182A9598-E490-412D-A219-AA2F3FC3C11A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {1FA05CAE-505C-4156-9F8E-784B02CFF4C6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {22A79C0A-5A05-48A6-8DA0-37E118EA352E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {3B905FB9-A4C0-4A37-9811-7181F380B671} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {5579EFB0-AF64-41DC-9CD2-2F996E5BD3BF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {6766C32A-9A74-439E-9304-B0C1C15BED4F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {7BB6079C-046C-4BC4-81A1-08C7348655ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {AEC12B02-FE0F-4D2B-B3DB-2FADBE21D255} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {B34F94EC-19DD-45E9-A521-C0CFA01CA7D1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {B9DE770B-4E29-4D63-AFD1-7459E91B5FF4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {D1289271-4823-4891-853D-858DDE75E444} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {EB5FF3C0-223F-4C93-8021-536FC6CCB006} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {FBDAD67B-1BEE-4212-BE2A-1E877C1FA30E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
AlternateDataStreams: C:\ProgramData\Temp:31D9EFCC [286]
AlternateDataStreams: C:\ProgramData\Temp:58DD92AC [133]
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [112]
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
C:\Program Files (x86)\Chip Digital GmbH
C:\ProgramData\McAfee Security Scan
C:\Program Files\Bonjour
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Users\Thomas Keune\AppData\Local\13d278f4
hosts:
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

OhSchreck! · 23.02.2017, 06:57

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-02-2017 01
durchgeführt von Thomas Keune (23-02-2017 06:47:20) Run:1
Gestartet von C:\Users\Thomas Keune\Desktop
Geladene Profile: Thomas Keune (Verfügbare Profile: Thomas Keune)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
HKLM-x32\...\Run: [] => [X]
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll => Keine Datei
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-4016997756-889063991-563976297-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q=
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [mail@shopping-preise.de] - C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\mic35z32.default\extensions\mail@shopping-preise.de => nicht gefunden
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert]
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\zxjx6lop.default-1409585167823\extensions\cliqz@cliqz.com => nicht gefunden
S2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
S3 cpuz139; \??\C:\Users\THOMAS~1\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [X] <==== ACHTUNG
Task: {182A9598-E490-412D-A219-AA2F3FC3C11A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {1FA05CAE-505C-4156-9F8E-784B02CFF4C6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {22A79C0A-5A05-48A6-8DA0-37E118EA352E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {3B905FB9-A4C0-4A37-9811-7181F380B671} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {5579EFB0-AF64-41DC-9CD2-2F996E5BD3BF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {6766C32A-9A74-439E-9304-B0C1C15BED4F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {7BB6079C-046C-4BC4-81A1-08C7348655ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {AEC12B02-FE0F-4D2B-B3DB-2FADBE21D255} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {B34F94EC-19DD-45E9-A521-C0CFA01CA7D1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {B9DE770B-4E29-4D63-AFD1-7459E91B5FF4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {D1289271-4823-4891-853D-858DDE75E444} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {EB5FF3C0-223F-4C93-8021-536FC6CCB006} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {FBDAD67B-1BEE-4212-BE2A-1E877C1FA30E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
AlternateDataStreams: C:\ProgramData\Temp:31D9EFCC [286]
AlternateDataStreams: C:\ProgramData\Temp:58DD92AC [133]
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [112]
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
C:\Program Files (x86)\Chip Digital GmbH
C:\ProgramData\McAfee Security Scan
C:\Program Files\Bonjour
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Users\Thomas Keune\AppData\Local\13d278f4
hosts:
emptytemp:
         
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007 => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-4016997756-889063991-563976297-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel erfolgreich entfernt
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wert erfolgreich wiederhergestellt
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Mozilla\Firefox\Extensions\\mail@shopping-preise.de => Wert erfolgreich entfernt
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => Wert erfolgreich entfernt
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => erfolgreich verschoben
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Mozilla\Firefox\Extensions\\cliqz@cliqz.com => Wert erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\chip1click => Schlüssel erfolgreich entfernt
chip1click => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\cpuz139 => Schlüssel erfolgreich entfernt
cpuz139 => Dienst erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{182A9598-E490-412D-A219-AA2F3FC3C11A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{182A9598-E490-412D-A219-AA2F3FC3C11A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1FA05CAE-505C-4156-9F8E-784B02CFF4C6} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FA05CAE-505C-4156-9F8E-784B02CFF4C6} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22A79C0A-5A05-48A6-8DA0-37E118EA352E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22A79C0A-5A05-48A6-8DA0-37E118EA352E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B905FB9-A4C0-4A37-9811-7181F380B671} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B905FB9-A4C0-4A37-9811-7181F380B671} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5579EFB0-AF64-41DC-9CD2-2F996E5BD3BF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5579EFB0-AF64-41DC-9CD2-2F996E5BD3BF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6766C32A-9A74-439E-9304-B0C1C15BED4F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6766C32A-9A74-439E-9304-B0C1C15BED4F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BB6079C-046C-4BC4-81A1-08C7348655ED} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BB6079C-046C-4BC4-81A1-08C7348655ED} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEC12B02-FE0F-4D2B-B3DB-2FADBE21D255} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEC12B02-FE0F-4D2B-B3DB-2FADBE21D255} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B34F94EC-19DD-45E9-A521-C0CFA01CA7D1} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B34F94EC-19DD-45E9-A521-C0CFA01CA7D1} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9DE770B-4E29-4D63-AFD1-7459E91B5FF4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9DE770B-4E29-4D63-AFD1-7459E91B5FF4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1289271-4823-4891-853D-858DDE75E444} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1289271-4823-4891-853D-858DDE75E444} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB5FF3C0-223F-4C93-8021-536FC6CCB006} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB5FF3C0-223F-4C93-8021-536FC6CCB006} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBDAD67B-1BEE-4212-BE2A-1E877C1FA30E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBDAD67B-1BEE-4212-BE2A-1E877C1FA30E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel erfolgreich entfernt
C:\ProgramData\Temp => ":31D9EFCC" ADS erfolgreich entfernt.
C:\ProgramData\Temp => ":58DD92AC" ADS erfolgreich entfernt.
C:\ProgramData\Temp => ":D1B5B4F1" ADS erfolgreich entfernt.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => Wert erfolgreich entfernt
C:\Program Files (x86)\Chip Digital GmbH => erfolgreich verschoben
C:\ProgramData\McAfee Security Scan => erfolgreich verschoben
"C:\Program Files\Bonjour" => nicht gefunden.

"C:\Program Files (x86)\Spybot - Search & Destroy 2" Ordner verschieben:

Konnte nicht verschoben werden "C:\Program Files (x86)\Spybot - Search & Destroy 2" => ist geplant bei Neustart verschoben zu werden.

C:\Users\Thomas Keune\AppData\Local\13d278f4 => erfolgreich verschoben
C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28449579 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 341979 B
Edge => 587 B
Chrome => 0 B
Firefox => 109840884 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 228211 B
NetworkService => 336372 B
Thomas Keune => 106727827 B
DefaultAppPool => 33058 B

RecycleBin => 8101224 B
EmptyTemp: => 242.3 MB temporäre Dateien entfernt.

================================

Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 23-02-2017 06:52:58)

C:\Program Files (x86)\Spybot - Search & Destroy 2 => ist erfolgreich verschoben

==== Ende vom Fixlog 06:52:58 ====

zwischendurch Mal ein herzliches Danke!

cosinus · 23.02.2017, 09:42

schön

Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

OhSchreck! · 23.02.2017, 22:10

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
durchgeführt von Thomas Keune (Administrator) auf THOMASKEUNE-PC (23-02-2017 20:14:43)
Gestartet von C:\Users\Thomas Keune\Desktop
Geladene Profile: Thomas Keune (Verfügbare Profile: Thomas Keune)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\TVG\OnlineUpdate\OnlineUpdateSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8154184 2017-02-06] (Emsisoft Ltd)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-14] (Microsoft Corporation)
HKLM-x32\...\Run: [%RunKey%] => C:\Program Files (x86)\FRITZ!vox\FRITZ!vox.exe [1515520 2007-07-26] (AVM Berlin)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [SDTray] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe [4535192 2016-07-01] ()
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\RunOnce: [Uninstall C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-12-13] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-12-13] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-12-13] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-12-13] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Das Telefonbuch Browserlösung.lnk [2016-01-13]
ShortcutTarget: Das Telefonbuch Browserlösung.lnk -> C:\Program Files (x86)\TVG\DasTelefonbuch Deutschland\http_tfd.exe (TVG Telefon-und Verzeichnisverlag GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FriFax32 - Verknüpfung.lnk [2012-04-15]
ShortcutTarget: FriFax32 - Verknüpfung.lnk -> C:\Program Files (x86)\FRITZ!\FriFax32.exe (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JFritz.lnk [2017-01-04]
ShortcutTarget: JFritz.lnk -> C:\Program Files (x86)\JFritz2\jfritz.exe ()
Startup: C:\Users\Thomas Keune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jfritz.jar - Verknüpfung.lnk [2017-01-17]
ShortcutTarget: jfritz.jar - Verknüpfung.lnk -> C:\Program Files (x86)\JFritz2\jfritz.jar ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyEnable: [S-1-5-21-4016997756-889063991-563976297-1000] => Proxy ist aktiviert.
ProxyServer: [S-1-5-21-4016997756-889063991-563976297-1000] => http=127.0.0.1:8082;https=127.0.0.1:8082
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5d1d9579-e842-492c-88e3-58021255ae65}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d7841ead-ff00-46b7-9c07-9808ea9293f2}: [DhcpNameServer] 192.168.178.1
ManualProxies: 1http=127.0.0.1:8082;https=127.0.0.1:8082

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll [2011-12-29] (MedienTeam66)
Toolbar: HKLM-x32 - NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll [2010-11-07] (Xi)
Toolbar: HKU\S-1-5-21-4016997756-889063991-563976297-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
DPF: HKLM-x32 {39ED5386-A900-4D6C-B564-20BFDE5402CF} hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\1t3lmzvm.default-1486818187624 [2017-02-23]
FF Homepage: Mozilla\Firefox\Profiles\1t3lmzvm.default-1486818187624 -> google.de/
FF NetworkProxy: Mozilla\Firefox\Profiles\1t3lmzvm.default-1486818187624 -> type", 4
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\1t3lmzvm.default-1486818187624\features\{db31db75-02c4-4c1f-8046-7897fc843a9b}\disableSHA1rollout@mozilla.org.xpi [2017-02-19]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-09] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox
FF Extension: (Freemake Video Downloader Plugin) - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox [2014-03-13] [ist nicht signiert]
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-28] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [Keine Datei]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-28] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Windows\system32\C2MP\npdivx32.dll [Keine Datei]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9483200 2017-02-06] (Emsisoft Ltd)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [41576 2016-10-24] (Dropbox, Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2011-11-17] (Microsoft) [Datei ist nicht signiert]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-17] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-17] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [Datei ist nicht signiert]
R2 TVGOnlineUpdateSvc; C:\Program Files (x86)\TVG\OnlineUpdate\OnlineUpdateSvc.exe [401256 2015-02-09] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [39248 2012-06-09] (Paragon Software Group)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46280 2013-02-22] (AnchorFree Inc.)
S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2010-12-17] (Intel Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-23] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmoi.inf_amd64_bab0214c8bd45ad2\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 taphss6; C:\Windows\System32\drivers\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2012-06-09] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633296 2012-06-09] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [389968 2012-06-09] (Paragon)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 aspnet_state; kein ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-23 20:14 - 2017-02-23 20:16 - 00025153 _____ C:\Users\Thomas Keune\Desktop\FRST.txt
2017-02-23 20:12 - 2017-02-23 20:13 - 02423296 _____ (Farbar) C:\Users\Thomas Keune\Desktop\FRST64.exe
2017-02-23 20:01 - 2017-02-23 20:02 - 01312508 _____ C:\Windows\Minidump\022317-29546-01.dmp
2017-02-23 20:01 - 2017-02-23 20:01 - 535110658 _____ C:\Windows\MEMORY.DMP
2017-02-23 06:47 - 2017-02-23 06:52 - 00015687 _____ C:\Users\Thomas Keune\Desktop\Fixlog.txt
2017-02-22 21:33 - 2017-02-22 21:33 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\CrashRpt
2017-02-22 11:07 - 2017-02-22 11:07 - 00000000 ____D C:\Users\Thomas Keune\Downloads\Notfall_DVD_10_Free
2017-02-22 08:32 - 2017-02-22 11:12 - 00000000 ____D C:\KVRT_Data
2017-02-22 08:25 - 2017-02-22 08:32 - 109283160 _____ (Kaspersky Lab ZAO) C:\Users\Thomas Keune\Downloads\KVRT.exe
2017-02-22 08:21 - 2017-02-22 08:40 - 1310308696 _____ C:\Users\Thomas Keune\Downloads\Notfall_DVD_10_Free.zip
2017-02-22 07:08 - 2017-02-22 07:08 - 00006046 _____ C:\Users\Thomas Keune\Documents\cc_20170222_070843.reg
2017-02-21 21:52 - 2017-02-21 21:53 - 106623920 _____ (Microsoft Corporation) C:\Users\Thomas Keune\Downloads\msoloc2010-kb2956076-fullfile-x86-glb.exe
2017-02-21 21:48 - 2017-02-21 21:49 - 01405520 _____ (Microsoft Corporation) C:\Users\Thomas Keune\Downloads\exppdf2010-kb3055047-fullfile-x86-glb.exe
2017-02-21 20:20 - 2017-02-21 20:21 - 00848064 _____ (IDG Magazine Media GmbH ) C:\Users\Thomas Keune\Downloads\pcwFixWindowsUpdate.exe
2017-02-21 06:17 - 2017-02-21 06:17 - 00000000 ____D C:\Users\Thomas Keune\Documents\Virensuche
2017-02-21 06:01 - 2017-02-21 06:15 - 00086974 _____ C:\TDSSKiller.3.1.0.12_21.02.2017_06.01.19_log.txt
2017-02-20 23:15 - 2017-02-20 23:21 - 00087644 _____ C:\TDSSKiller.3.1.0.12_20.02.2017_23.15.34_log.txt
2017-02-20 21:24 - 2017-02-21 06:30 - 148750096 _____ (Microsoft Corporation) C:\Users\Thomas Keune\Downloads\msert(1).exe
2017-02-20 18:12 - 2017-02-21 05:53 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\ESET
2017-02-20 18:11 - 2017-02-20 18:12 - 06776960 _____ (ESET spol. s r.o.) C:\Users\Thomas Keune\Downloads\ESETOnlineScanner_DEU.exe
2017-02-20 18:09 - 2017-02-20 18:09 - 00054620 _____ C:\Users\Thomas Keune\Documents\cc_20170220_180907.reg
2017-02-20 17:53 - 2017-02-20 17:53 - 00000000 ____D C:\Program Files (x86)\ESET
2017-02-20 17:32 - 2017-02-20 17:52 - 02870984 _____ (ESET) C:\Users\Thomas Keune\Downloads\esetsmartinstaller_deu.exe
2017-02-20 17:10 - 2017-02-22 11:50 - 00000632 _____ C:\Users\Thomas Keune\Desktop\JRT.txt
2017-02-20 17:01 - 2017-02-20 17:04 - 01663040 _____ (Malwarebytes) C:\Users\Thomas Keune\Downloads\JRT.exe
2017-02-20 16:41 - 2017-02-22 11:35 - 00000000 ____D C:\AdwCleaner
2017-02-20 16:40 - 2017-02-20 16:41 - 04015056 _____ C:\Users\Thomas Keune\Downloads\AdwCleaner_6.043.exe
2017-02-20 09:23 - 2017-02-22 21:11 - 00000000 ____D C:\Windows\Microsoft Antimalware
2017-02-20 09:02 - 2017-02-20 09:04 - 47683808 _____ (Microsoft Corporation) C:\Users\Thomas Keune\Downloads\Windows-KB890830-x64-V5.44.exe
2017-02-16 08:33 - 2017-02-16 08:49 - 00087426 _____ C:\TDSSKiller.3.1.0.12_16.02.2017_08.33.24_log.txt
2017-02-15 16:36 - 2017-02-15 16:41 - 00087434 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_16.36.49_log.txt
2017-02-15 16:32 - 2017-02-15 16:35 - 00010384 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_16.32.33_log.txt
2017-02-15 15:12 - 2017-02-15 16:32 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Thomas Keune\Desktop\tdsskiller.exe
2017-02-15 15:12 - 2017-02-15 15:13 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas Keune\Desktop\mbar-1.09.3.1001.exe
2017-02-15 09:25 - 2017-02-15 09:25 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\Chromium
2017-02-15 09:23 - 2017-01-20 19:39 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-02-15 09:23 - 2017-01-20 19:39 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-02-15 09:23 - 2017-01-20 19:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-02-15 09:23 - 2017-01-20 14:36 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-02-15 08:36 - 2017-02-15 10:52 - 253966464 _____ C:\Users\Thomas Keune\Downloads\avira_antivirus_de-de.exe
2017-02-15 08:34 - 2017-02-15 08:34 - 02983904 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_registry_cleaner_de(2).exe
2017-02-15 08:33 - 2017-02-15 12:24 - 02983904 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_registry_cleaner_de(1).exe
2017-02-14 22:24 - 2017-02-14 22:24 - 00681536 _____ (O&O Software GmbH) C:\Users\Thomas Keune\Downloads\OOSU10.exe
2017-02-14 20:58 - 2017-02-23 20:14 - 00000000 ____D C:\FRST
2017-02-14 17:49 - 2017-02-14 18:16 - 00000000 ____D C:\ProgramData\Emsisoft
2017-02-14 17:49 - 2017-02-14 17:49 - 00000901 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-02-14 17:48 - 2017-02-23 20:08 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-02-14 17:45 - 2017-02-14 17:48 - 242868632 _____ (Emsisoft Ltd. ) C:\Users\Thomas Keune\Downloads\EmsisoftAntiMalwareSetup(1).exe
2017-02-14 17:32 - 2017-02-14 17:32 - 00108673 _____ C:\Users\Thomas Keune\Desktop\EmsiClean_2017.02.14_17.32.26.txt
2017-02-14 17:31 - 2017-02-14 17:31 - 00641240 _____ (Emsisoft Ltd) C:\Users\Thomas Keune\Desktop\emsiclean.exe
2017-02-14 16:51 - 2017-02-14 16:51 - 00000000 __SHD C:\found.001
2017-02-14 15:38 - 2017-02-14 16:00 - 242868632 _____ (Emsisoft Ltd. ) C:\Users\Thomas Keune\Downloads\EmsisoftAntiMalwareSetup.exe
2017-02-14 10:31 - 2017-02-14 10:31 - 04713984 _____ (Geza Kovacs) C:\Users\Thomas Keune\Downloads\unetbootin-windows-625.exe
2017-02-14 10:07 - 2017-02-20 16:49 - 00000000 ____D C:\ProgramData\Lavasoft
2017-02-14 10:07 - 2017-02-14 10:15 - 702468096 _____ C:\Users\Thomas Keune\Downloads\rescue916-system.iso
2017-02-14 09:35 - 2017-02-14 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-02-14 09:31 - 2017-02-14 09:31 - 00000000 __RHD C:\MSOCache
2017-02-14 08:55 - 2017-02-15 09:24 - 00003884 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-15 09:23 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-15 09:23 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-15 09:23 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-15 09:23 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-15 09:23 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:54 - 2017-02-14 08:54 - 00002170 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2017-02-14 08:54 - 2017-01-20 15:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-14 08:53 - 2017-02-14 08:53 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-14 08:53 - 2017-01-20 17:38 - 00514616 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-02-14 08:53 - 2017-01-20 17:38 - 00420408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-02-14 08:53 - 2017-01-20 16:13 - 00548800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-14 08:53 - 2017-01-20 16:13 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-14 08:53 - 2017-01-20 15:07 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-14 08:53 - 2016-12-16 01:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-14 08:53 - 2016-12-16 01:33 - 00266528 _____ C:\Windows\system32\vulkan-1.dll
2017-02-14 08:53 - 2016-12-16 01:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-14 08:53 - 2016-12-16 01:32 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-14 08:50 - 2017-01-24 01:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 28239928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 04079032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 03597640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-14 08:50 - 2017-01-20 17:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-14 08:46 - 2017-02-14 09:01 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_isec0_58a2b5e13e36d__wsd.exe
2017-02-14 08:34 - 2017-02-14 08:34 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-02-14 08:33 - 2017-02-14 08:46 - 398382600 _____ (NVIDIA Corporation) C:\Users\Thomas Keune\Downloads\378.49-desktop-win10-64bit-international-whql.exe
2017-02-14 08:27 - 2017-02-14 08:28 - 00739392 _____ (Oracle Corporation) C:\Users\Thomas Keune\Downloads\JavaSetup8u121.exe
2017-02-14 08:24 - 2017-02-14 08:23 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-02-14 08:21 - 2017-02-14 08:21 - 01181390 _____ C:\Users\Thomas Keune\Documents\cc_20170214_082136.reg
2017-02-13 21:53 - 2017-02-13 21:53 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\Thomas Keune\Downloads\flashplayer24au_ha_install(1).exe
2017-02-13 21:19 - 2017-02-13 21:27 - 00000000 ____D C:\Users\Thomas Keune\Downloads\CHIP_Update_Pack_Windows_10_64_Bit_Jan
2017-02-13 20:21 - 2017-02-13 21:19 - 160718565 _____ C:\Users\Thomas Keune\Downloads\CHIP_Update_Pack_Windows_10_64_Bit_Jan.zip
2017-02-13 16:14 - 2017-02-13 16:14 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-13 13:33 - 2017-02-13 13:33 - 00000000 ___HD C:\$SysReset
2017-02-10 08:41 - 2017-02-15 09:23 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-03 18:55 - 2017-02-03 19:24 - 63184896 _____ C:\Users\Thomas Keune\Downloads\calibre-2.78.0.msi
2017-02-03 14:58 - 2017-02-03 14:58 - 00035784 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2017-02-03 09:06 - 2017-02-03 09:06 - 00000000 ____D C:\Users\Thomas Keune\Downloads\MediathekView-13.0.1
2017-02-03 09:05 - 2017-02-03 09:05 - 27674457 _____ C:\Users\Thomas Keune\Downloads\MediathekView-13.0.1.zip
2017-01-31 21:15 - 2017-01-31 21:15 - 00082348 _____ C:\Users\Thomas Keune\Downloads\CheapTickets.de - E-ticket CDE-3125487.zip
2017-01-31 21:15 - 2017-01-31 21:15 - 00042295 _____ C:\Users\Thomas Keune\Downloads\CheapTickets.de - Bestätigung Ihrer Reservierung CDE-3125487.zip
2017-01-31 21:11 - 2017-01-31 21:11 - 00050990 _____ C:\Users\Thomas Keune\Downloads\JP793, FRA-TIA, 17NOV16, 08_55, GTB59, S13A, Mobile Boarding Pass.zip
2017-01-28 11:16 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-28 11:16 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-26 11:31 - 2017-01-26 11:31 - 01995824 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437667.dll
2017-01-26 11:31 - 2017-01-26 11:31 - 01600048 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437667.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-23 20:14 - 2016-11-22 15:29 - 00000000 ____D C:\Users\Thomas Keune\AppData\LocalLow\Mozilla
2017-02-23 20:08 - 2016-10-14 03:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-23 20:06 - 2012-04-15 16:43 - 00000000 ____D C:\Users\Thomas Keune\AppData\Roaming\JFritz
2017-02-23 20:05 - 2011-12-29 14:27 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\FreePDF_XP
2017-02-23 20:04 - 2013-04-07 09:21 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\CrashDumps
2017-02-23 20:01 - 2016-10-21 15:11 - 00000000 ____D C:\Windows\Minidump
2017-02-23 20:01 - 2016-10-14 04:07 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-23 20:01 - 2016-10-14 03:29 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-23 08:12 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-23 07:19 - 2016-09-20 20:02 - 00000000 ____D C:\Users\Thomas Keune\Documents\Scheidung-Alida
2017-02-23 07:18 - 2014-10-25 13:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-23 06:48 - 2016-07-16 07:04 - 01310720 _____ C:\Windows\system32\config\BBI
2017-02-23 06:47 - 2012-08-07 12:08 - 00000000 ____D C:\Users\Thomas Keune\AppData\LocalLow\Temp
2017-02-22 22:05 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-22 21:37 - 2016-11-07 11:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 21:15 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-02-21 20:54 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\NDF
2017-02-21 18:37 - 2011-12-24 10:35 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\FRITZ!
2017-02-21 06:53 - 2015-02-14 12:52 - 00000000 ____D C:\Users\Thomas Keune\Documents\Visaanträge
2017-02-21 05:59 - 2014-01-14 06:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-21 05:55 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-21 05:52 - 2014-05-30 08:36 - 00000000 ____D C:\Windows\PixArt
2017-02-20 23:05 - 2011-12-27 09:00 - 00000000 ____D C:\Users\Thomas Keune\AppData\Roaming\DVDVideoSoft
2017-02-20 22:27 - 2011-12-25 13:19 - 00000000 ____D C:\Users\Thomas Keune\Documents\Calibre Library
2017-02-20 16:33 - 2014-01-14 06:58 - 00000000 ____D C:\Users\Thomas Keune\Desktop\mbar
2017-02-20 09:38 - 2011-03-14 15:08 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-19 21:24 - 2016-12-13 20:18 - 00000000 ____D C:\Users\Thomas Keune\Documents\Sicherung VR-Networld
2017-02-19 21:24 - 2011-12-23 20:07 - 00000000 ____D C:\Users\Public\Documents\VR-NetWorld
2017-02-19 20:00 - 2016-01-02 06:52 - 00000000 ____D C:\Users\Thomas Keune\Documents\Bestellungen
2017-02-19 19:10 - 2016-11-09 01:17 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-15 13:44 - 2016-11-06 18:29 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-15 13:34 - 2016-03-13 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-15 13:34 - 2015-12-30 11:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-15 13:34 - 2014-11-01 17:24 - 00000000 ____D C:\Users\Thomas Keune\AppData\Roaming\Avira
2017-02-15 11:59 - 2016-07-16 07:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-02-15 11:58 - 2014-01-13 06:43 - 00000000 ____D C:\Windows\pss
2017-02-15 09:27 - 2016-07-16 23:51 - 01275756 _____ C:\Windows\system32\perfh007.dat
2017-02-15 09:27 - 2016-07-16 23:51 - 00321052 _____ C:\Windows\system32\perfc007.dat
2017-02-15 09:27 - 2016-01-06 20:25 - 02965156 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-15 09:26 - 2015-03-22 15:30 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\NVIDIA
2017-02-15 09:25 - 2016-10-14 03:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-15 09:25 - 2015-03-22 15:31 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\NVIDIA Corporation
2017-02-15 09:25 - 2015-03-22 15:30 - 00001449 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-15 09:23 - 2016-10-14 03:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-15 07:49 - 2016-03-22 11:41 - 00000424 _____ C:\Users\Thomas Keune\Desktop\Dieser PC - Verknüpfung.lnk
2017-02-15 07:20 - 2012-10-06 15:01 - 00000000 ____D C:\Users\Thomas Keune\MEDION NAS TOOL
2017-02-14 17:49 - 2013-08-19 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-02-14 17:16 - 2016-10-14 03:38 - 00000000 ____D C:\Users\Thomas Keune
2017-02-14 14:33 - 2016-07-14 20:03 - 00000000 ____D C:\Users\Thomas Keune\Documents\alida@keune.info
2017-02-14 09:45 - 2016-10-14 03:29 - 00399824 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-14 08:54 - 2015-03-22 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-14 08:43 - 2016-04-09 17:44 - 04734128 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_avpn0_570931d1a801d__ws.exe
2017-02-14 08:42 - 2016-04-15 07:21 - 04734128 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_ispm0_3017605605_6e4tda59yy4v1w5mn34a_wd.exe
2017-02-14 08:42 - 2014-10-23 14:38 - 168004048 _____ C:\Users\Thomas Keune\Downloads\avira_antivirus_pro_de.exe
2017-02-14 08:37 - 2013-12-18 09:58 - 00000000 ____D C:\ProgramData\Oracle
2017-02-14 08:34 - 2013-12-18 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-14 08:33 - 2011-12-25 22:15 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-14 08:23 - 2016-11-06 20:55 - 00000000 ____D C:\Program Files\Java
2017-02-14 08:23 - 2016-02-04 16:09 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-02-13 23:02 - 2016-11-06 16:44 - 04479640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_asu60_581f4fd2262c1__ws.exe
2017-02-13 23:01 - 2016-11-06 19:19 - 04479640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_issudl_581f4fd2262c1__wsd.exe
2017-02-13 22:40 - 2016-04-15 07:29 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\Avira
2017-02-13 21:30 - 2011-12-26 10:12 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\ElevatedDiagnostics
2017-02-13 21:29 - 2016-11-08 20:35 - 00000006 _____ C:\ScrubRetValFile.txt
2017-02-13 21:16 - 2015-10-30 19:44 - 00000000 ____D C:\Windows\ShellNew
2017-02-13 16:14 - 2016-10-14 04:26 - 00000000 ___DC C:\Windows\Panther
2017-02-13 16:08 - 2016-10-14 04:09 - 00001908 _____ C:\Windows\diagwrn.xml
2017-02-13 16:08 - 2016-10-14 04:09 - 00001908 _____ C:\Windows\diagerr.xml
2017-02-13 13:46 - 2016-11-22 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-13 13:46 - 2012-05-04 03:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-12 19:56 - 2016-10-14 03:38 - 00000000 ____D C:\Users\DefaultAppPool
2017-02-12 19:51 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\registration
2017-02-12 18:28 - 2011-12-26 13:36 - 00000000 ____D C:\Users\Thomas Keune\Desktop\Briefe
2017-02-11 14:32 - 2016-12-01 08:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-11 14:03 - 2013-05-19 13:08 - 00000000 ____D C:\Users\Thomas Keune\Desktop\Alte Firefox-Daten
2017-02-10 18:42 - 2016-11-06 10:53 - 00000000 ____D C:\Users\Thomas Keune\Downloads\Musik
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-03 19:59 - 2012-01-21 12:20 - 00000000 ____D C:\Users\Thomas Keune\Documents\Briefe
2017-02-03 19:26 - 2016-11-14 08:37 - 00000000 ____D C:\Program Files (x86)\Calibre2
2017-02-03 19:26 - 2015-07-03 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2017-02-03 19:26 - 2014-01-18 10:33 - 00000993 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2017-02-03 09:07 - 2014-02-17 09:42 - 00000000 ____D C:\Users\Thomas Keune\.mediathek3
2017-01-31 20:02 - 2016-11-06 10:44 - 00000935 _____ C:\Users\Thomas Keune\Desktop\Video Downloader Ultimate.lnk
2017-01-31 20:02 - 2016-11-06 10:44 - 00000000 _____ C:\Users\Thomas Keune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader Ultimate.lnk
2017-01-24 01:00 - 2015-04-16 19:03 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-01-24 01:00 - 2015-04-16 07:19 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-26 19:41 - 2015-12-30 11:29 - 0000000 _____ () C:\Users\Thomas Keune\AppData\Roaming\Basic Synth
2012-04-15 16:43 - 2013-01-14 10:51 - 0000000 _____ () C:\Users\Thomas Keune\AppData\Roaming\JFritz.lock
2012-01-26 12:08 - 2012-01-26 12:08 - 0033134 _____ () C:\Users\Thomas Keune\AppData\Roaming\UserTile.png
2014-10-26 17:51 - 2017-01-02 14:58 - 0003584 _____ () C:\Users\Thomas Keune\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-22 13:03 - 2015-11-22 13:03 - 0000036 _____ () C:\Users\Thomas Keune\AppData\Local\housecall.guid.cache
2017-01-02 23:01 - 2017-01-02 23:01 - 0000600 _____ () C:\Users\Thomas Keune\AppData\Local\PUTTY.RND
2015-04-27 12:44 - 2015-04-27 12:44 - 0002065 _____ () C:\Users\Thomas Keune\AppData\Local\recently-used.xbel
2012-10-11 08:33 - 2016-05-10 05:58 - 0000040 ___SH () C:\ProgramData\.zreglib
2013-02-25 18:01 - 2013-02-25 18:01 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-10-14 03:32 - 2016-10-14 03:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-01-22 12:40 - 2016-11-07 07:42 - 0006058 _____ () C:\ProgramData\hpzinstall.log
2014-01-26 19:41 - 2015-12-30 11:29 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-01-26 19:42 - 2015-12-30 11:28 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2014-01-26 19:42 - 2016-11-08 19:52 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2014-01-26 19:42 - 2016-11-08 19:52 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Thomas Keune\fritzDummy.reg


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-15 08:07

==================== Ende von FRST.txt ============================

OhSchreck! · 23.02.2017, 22:11

Voila

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
durchgeführt von Thomas Keune (23-02-2017 20:17:47)
Gestartet von C:\Users\Thomas Keune\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-14 03:12:07)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4016997756-889063991-563976297-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4016997756-889063991-563976297-503 - Limited - Disabled)
Gast (S-1-5-21-4016997756-889063991-563976297-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4016997756-889063991-563976297-1002 - Limited - Enabled)
Thomas Keune (S-1-5-21-4016997756-889063991-563976297-1000 - Administrator - Enabled) => C:\Users\Thomas Keune

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
8000A809 (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_eDocs (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AKVIS Magnifier (HKLM-x32\...\{9FDD51C9-F7AA-40AF-A4FF-0500E45E4A06}) (Version: 5.5.967.8527 - AKVIS)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AVM FRITZ!Box Monitor (HKLM-x32\...\AVMFBoxMonitor) (Version:  - AVM Berlin)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AVM FRITZ!vox (HKLM-x32\...\AVMFBoxAnswerMachine) (Version:  - AVM Berlin)
AVM ISDN TAPI Services for CAPI (HKLM-x32\...\AVM ISDN TAPI Services) (Version:  - )
BMWi-Businessplaner Gründung (HKLM-x32\...\BMWiBusinessplanerGruenden) (Version: 1.0.1 - UNKNOWN)
BMWi-Businessplaner Gründung (x32 Version: 1.0.1 - UNKNOWN) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{BDE6D02A-86B7-4D4C-8248-7705C1C0CC79}) (Version: 2.78.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMPUTER BILD Spionage-Stopper 2017 für Windows 10 (HKLM-x32\...\{F9565211-5480-408D-BC7C-1FE7B8366ACE}_is1) (Version: 2.0.0.1 - pXc-coding.com)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3726 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Telefonbuch Deutschland (HKLM-x32\...\DasTelefonbuch Deutschland) (Version:  - TVG Telefonbuch- und Verzeichnisverlag GmbH & Co. KG)
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Dropbox Update Helper (x32 Version: 1.3.51.1 - Dropbox, Inc.) Hidden
Duden-Rechtschreibprüfung (HKLM-x32\...\{BF420B0C-DD5B-4ACD-AD7A-CB8F25CA0D2F}) (Version: 8.0 - Bibliographisches Institut GmbH)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.4.20130909 - Landesfinanzdirektion Thüringen)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.1 - Emsisoft Ltd.)
Erinnerung 2.1.0  (HKLM-x32\...\Erinnerung) (Version: 2.1.0 - Paul Finkler)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.23.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.23.0.2 - Tim Kosse)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gelbe Seiten Deutschland (HKLM-x32\...\Gelbe Seiten Deutschland) (Version:  - )
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.02) (Version: 9.02 - Artifex Software Inc.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iBackupBot for iTunes 3.6.5 (HKLM-x32\...\iBackupBot for iTunes) (Version: 3.6.5 - VOWSoft, Ltd.)
iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
InfoPrint AFP Workbench Viewer (HKLM-x32\...\{EE899171-9FBD-4650-A1C2-A937342B57A9}) (Version: 2.05.04.01 - InfoPrint Solutions Company)
InfoPrint AFP Workbench Viewer (x32 Version: 2.05.04.01 - InfoPrint Solutions Company) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Network Connections 17.4.95.0 (HKLM\...\PROSetDX) (Version: 17.4.95.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTunes (HKLM\...\{2C49F336-2E86-4407-83E2-16AC65598EF4}) (Version: 12.5.3.16 - Apple Inc.)
Java 2 SDK Standard Edition v1.2.2_017 (HKLM-x32\...\Java 2 SDK Standard Edition v1.2.2_017) (Version:  - )
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180710}) (Version: 8.0.710.15 - Oracle Corporation)
Java(TM) SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JFritz 0.7.5 Rev. 23 (HKLM-x32\...\{AF5B3ED5-70D3-48CF-A00F-FC29F5261A37}_is1) (Version:  - JFritz Team)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version:  - MEDION)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Micrografx Picture Publisher 10 (HKLM-x32\...\{04AABF6D-55C5-4779-ABF9-992016E913A2}) (Version: 1.0.0.0 - Micrografx, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSYS2 64bit (HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\{495974d3-70a1-4ee2-8469-589be4831f36}) (Version: 20161025 - The MSYS2 Developers)
Music Recorder (HKLM-x32\...\{DFC20C50-021D-49CA-9790-D608B12722DB}) (Version: 14.1.7200.0 - Audials AG)
Nero CoverDesigner 2017 (HKLM-x32\...\{29102D23-A61D-48BC-876D-449BF9937B62}) (Version: 18.0.00900 - Nero AG)
NetObjects Fusion 12.0 (HKLM-x32\...\{4D15B53C-DACF-4548-929D-137F7FA1B39B}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041 - NetObjects) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NirSoft VideoCacheView (HKLM-x32\...\NirSoft VideoCacheView) (Version:  - )
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\CopyTrans Suite) (Version: 4.002 - WindSolutions)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Paragon Festplatten Manager™ 2012 Kompakt (HKLM-x32\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Architect 2 View Module (HKLM-x32\...\{3DA20A12-AD9F-4A75-8A6F-5204EEB94359}) (Version: 2.0.5.16319 - pdfforge GmbH)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PhotoFiltre 7 (HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\PhotoFiltre 7) (Version:  - )
Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.092 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polaroid Dust and Scratch Removal v1.0.0.15.2e (HKLM-x32\...\{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}) (Version: Polaroid Polaroid Dust and Scratch Removal v1.0.0.15.2e - Polaroid Corporation)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 18.0.0003 - Nero AG) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Readiris Pro 15 (HKLM-x32\...\{04C206EA-E327-4291-B54F-65EF89D94B3A}) (Version: 15.01.6224 - I.R.I.S.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 9.0.3.168 - Recover Keys)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Rx Compensator (HKLM-x32\...\ST6UNST #1) (Version:  - )
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version:  - )
Security-Plugins-Chipcard (HKLM-x32\...\SecurityPluginsChipcard) (Version: 2.6.4.0 - PPI AG, Hamburg, Germany)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
SmartDraw 2013 (HKLM-x32\...\SmartDraw 2013) (Version:  - SmartDraw, LLC)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.86.105304 - SugarSync, Inc.)
SUPER (C) v2016.Build.70+3D+Recorder Version released on (2016/ (HKLM-x32\...\{FF00DB05-B936-4B9A-B41B-1780A23D6050}_is1) (Version: released on (2016/12/15), - eRightSoft)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
System Requirements Lab for Intel (HKLM-x32\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
Telescope Driver (HKLM-x32\...\{B2920232-19DA-44FC-835F-68E427EAE2CE}) (Version: 10.30.09 - PixArt)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
Video DVD Maker v3.32.0.80 (HKLM-x32\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version:  - )
VideoDownloaderUltimate (HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.98 - Link64)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WinAVI iPhone Data Recovery (HKLM-x32\...\WinAVI iPhone Data Recovery) (Version: 1.2.0.1085 - WinAVI Software Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Winmail Opener 1.4 (HKLM-x32\...\Winmail Opener) (Version: 1.4 - Eolsoft)
zebNet® Backup for Thunderbird® Free Edition 1.0.1.0 (HKLM\...\{9286F0E0-0A38-4B3C-AB46-5DCC49A2E997}) (Version: 1.0.1.0 - zebNet® Ltd)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0093112F-88E6-45ED-BCAD-AF7548316A28} - System32\Tasks\{30F47FBD-E9AA-4830-82E7-A91F8A356A47} => C:\Users\Thomas Keune\Downloads\AdobeDownloadAssistant.exe 
Task: {0387743C-AF26-4336-88C9-BC4BBAB2116C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-20] (Microsoft Corporation)
Task: {04539A0F-7FB5-4F42-A848-8F192EB28D7B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe 
Task: {09450F48-8AAF-4ACD-A50F-D653784E7DA4} - System32\Tasks\{D642B5D6-EA45-4700-922F-E23876D3FB65} => pcalua.exe -a E:\FSetup.exe -d E:\
Task: {0C603520-E6AD-4055-996E-0CF570DF31BD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe 
Task: {0D09DC82-F70F-419F-9BC2-03F6032DAFA3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {0DCB9430-19AE-4A3D-8CE8-BA5E643E92F6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {0F973C20-8635-4934-A736-5FEBCB8A2CB6} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {13F1A64F-86BF-4734-AA03-E99DD16E3D88} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {1747F6FA-A083-4959-B97D-876863E794B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {189877C2-B588-49E0-A7C8-41D10F0EDE8D} - System32\Tasks\{FDDA34B2-8198-4284-9B20-F7BAF40CFEDB} => pcalua.exe -a "C:\Users\Thomas Keune\Downloads\PinnacleInstantDVDRecorderSetup_2.6.1.127.exe" -d "C:\Program Files (x86)\Mozilla Thunderbird"
Task: {19895852-25E1-412D-9DE9-BAED34BFBBCF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe 
Task: {19C81672-4514-45F8-8774-0E0E7C195871} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {2D44F6A2-874F-4D7A-AFB5-CB43B0685B17} - System32\Tasks\{DAB1E480-3AD5-4504-87BC-FF354AD1C780} => pcalua.exe -a "C:\Users\Thomas Keune\Downloads\TAPI_Services_for_CAPI_02.03.01_Deutsch(2).exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2DECBEC1-4174-4022-A7B5-3B002C60F230} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {3098B355-30B4-43C8-8A3B-5365B996B33E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {32393DCB-3FBA-4600-8FDE-6B8EBB4FDEF8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {32AAD558-1F1F-485B-BC7E-8A13025209D2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {35DB159B-E719-4F8F-985E-3BFDC4F09474} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {3E563C68-3A90-46C5-9894-075027184440} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {40AE0875-6A3A-4187-A791-4A516200E8F6} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe 
Task: {433E3C53-9AA2-4D67-8F3F-DEB070589A33} - System32\Tasks\{329A0C86-ED7D-4E05-976B-6F2749FECAB9} => pcalua.exe -a "C:\Users\Thomas Keune\Downloads\ipsafpwb.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {47C5A85C-370A-4159-B991-CF8B1C126060} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {51F93248-2E61-4D5B-840C-B5BEE104930A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe 
Task: {58D8B644-6E26-4F1F-9230-E9B75F8E6CEB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {5930BCBE-C3A4-443F-BE59-A83F6BC676F5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {5CCB5A8B-D7AA-42DA-8CA7-325542EF34DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5E97DC8F-37A7-458F-B904-651ABB5F351E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {66F7007C-23BB-41D5-88FE-CF9A316CB5EC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {67CB22B4-F086-4383-B13D-E94C730B2103} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {7266853E-A3EF-459A-A0A6-1C6D22458251} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe 
Task: {72B5E694-FF35-4EAC-A046-0255788C68A4} - System32\Tasks\hpUrlLauncher.exe_{7E5FE76F-C2EE-43C4-8219-B358A2EE7A7D} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe 
Task: {7874B0A5-0BA3-426C-B6EB-1856A0E0B290} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {7FD2BD48-7BA5-403E-97DF-74B6F95114F0} - kein Dateipfad
Task: {7FF5F145-A3F7-45FF-962E-CE306A7B6AE2} - System32\Tasks\{7BCECF0B-5759-4206-8FD1-B99820F1F36B} => pcalua.exe -a "C:\Users\Thomas Keune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FEMJGEKP\avira_antivirus_premium_de.exe" -d "C:\Users\Thomas Keune\Desktop"
Task: {802CE256-8C02-420C-89E8-2668DC9A7500} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {8153B878-09A6-462E-8799-1982C9CA672C} - System32\Tasks\{3DADCE68-CE29-4E5D-832B-82476A712850} => pcalua.exe -a "C:\Users\Thomas Keune\Downloads\Install_CopyTrans_Suite.exe" -d "C:\Users\Thomas Keune\Downloads"
Task: {83958D56-FCA1-4A3C-B097-8D2C9AE2D185} - System32\Tasks\{54B05DA1-AEBC-4B06-9313-2976C9FFDBF2} => C:\Users\Thomas Keune\Downloads\AdobeDownloadAssistant.exe 
Task: {85DE3961-A449-47F3-A07D-CC0C7581A457} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {8673C3EC-74BC-4BB0-8D80-A9CCB81579A0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {9084FBAE-B621-470F-94BB-C41175A8BE60} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {9F157C3B-30B9-4B3D-8491-D4B139839E80} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {A0A7E08F-1B02-40AA-A725-93FA18344624} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {A33913F9-8774-4BD8-8AB2-4DEDF30616B7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe 
Task: {A3600956-51E6-4A6C-AA75-791CEB3003C6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {ADB74AA7-7A4F-4807-B8ED-ABF3153BB0D4} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {AEF9CE6F-450B-4B31-BA3C-49A01002501E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B591A7EF-4CF8-4531-8FDB-2C18CB39ECDF} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {B5B16780-1FFC-4563-855D-FD8E4E4D78FF} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe 
Task: {BC3F5B30-E1CD-4F47-B936-E977AFD41F11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe 
Task: {BDB65469-DA1B-46BD-971C-13392055ADD5} - System32\Tasks\{2E82D357-A251-4790-899F-47464FEFD543} => pcalua.exe -a "C:\Program Files (x86)\REINER SCT\cyberJack\SetupZkaSig.exe" -c /d
Task: {C1A5909A-2597-467A-8A2E-B7E05E6C7139} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {D955AFC3-9C15-4CAD-9EDB-3E510FCED431} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-28] (Adobe Systems Incorporated)
Task: {DC2A1FE1-85B4-4163-B1E6-740AF21B4BA3} - System32\Tasks\{0DCEE5B7-A88F-4328-8395-2C19EAF6E9E7} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {DF9251A9-DED0-459C-B5B5-FE1C13B56D91} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {EBCA6BE0-93D7-4BB1-A692-3A5C12C807D2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {ECD598FA-804D-4DC8-9EC7-245939254043} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {EE96219E-0F3D-46B3-98E0-04C79F77CC7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EF6381FD-6139-4481-AE36-A7A6DB4D3029} - System32\Tasks\{4D10A259-15B0-45A4-BF14-755D0970BDA6} => pcalua.exe -a "C:\Program Files (x86)\JAR2EXE Converter\JAR2EXE Converter.exe"
Task: {FBB20570-BF1E-407B-8E8F-681182187B47} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {FF816E96-1B9D-42E4-A663-934AADE5F6C3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 22:08 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-02-14 08:53 - 2017-01-20 16:13 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-12-24 10:33 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2011-12-24 10:33 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2011-12-29 14:22 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2017-02-14 08:55 - 2017-01-20 19:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-14 08:55 - 2017-01-20 19:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-01-13 11:40 - 2015-02-09 12:36 - 00401256 _____ () C:\Program Files (x86)\TVG\OnlineUpdate\OnlineUpdateSvc.exe
2016-12-14 22:08 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-10-14 15:37 - 2016-10-14 15:37 - 00959168 _____ () C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-12-06 17:17 - 2016-12-06 17:17 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-10-14 04:18 - 2016-10-14 04:18 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-17 16:14 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-17 16:13 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-17 16:13 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-17 16:13 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-17 16:13 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-17 16:13 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-17 16:14 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-01 03:39 - 2016-07-01 03:39 - 04535192 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe
2015-04-02 08:47 - 2017-01-20 19:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-14 08:55 - 2017-01-20 19:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-14 08:55 - 2017-01-20 19:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2012-12-17 22:48 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00049424 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\boost_thread-vc90-mt-1_39.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00048400 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\boost_date_time-vc90-mt-1_39.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00068504 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\CrashRpt.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00618256 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\boost_regex-vc90-mt-1_39.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00544152 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\StreamingClient.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00016144 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\boost_system-vc90-mt-1_39.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 00340992 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Utils\68fc17d6e5e7d2bad7b18b8d60806540\Utils.ni.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 00549888 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ManagedInterfaces\9806b0667678a0d6f857efbcafc11565\ManagedInterfaces.ni.dll
2016-12-03 07:57 - 2016-12-03 07:57 - 04722176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\AudialsComponents\79ddd0a4f5f325c9e61636c71a93758a\AudialsComponents.ni.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 00774144 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\RSControls\2e161c2bf58a80553d92547040617e0d\RSControls.ni.dll
2016-12-16 07:10 - 2016-12-16 07:10 - 00177664 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\fastJSON\8d604d7d5af9a724226a7eda8729d695\fastJSON.ni.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 00062464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\CrashHandlerNET\a68af5e6e5d69b9e255d6b41d82c7688\CrashHandlerNET.ni.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00040856 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\CrashHandlerNET.dll
2017-02-14 08:55 - 2017-01-20 14:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-02-14 08:55 - 2017-01-20 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-02-14 08:55 - 2017-01-20 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-02-14 08:55 - 2017-01-20 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-02-14 08:55 - 2017-01-20 14:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-02-14 08:55 - 2017-01-20 14:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-02-14 08:55 - 2017-01-20 14:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-02-15 09:24 - 2017-01-20 14:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 17.20.45.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 17.21.00.jpg:com.dropbox.attributes [1230]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 18.00.08.jpg:com.dropbox.attributes [1236]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 18.00.15.jpg:com.dropbox.attributes [1240]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 18.00.39.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 18.00.45.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.29.06.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.29.21.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.29.23.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.41.48.jpg:com.dropbox.attributes [621]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.41.55.jpg:com.dropbox.attributes [1236]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.45.38.jpg:com.dropbox.attributes [1244]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.03.10.jpg:com.dropbox.attributes [1240]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.03.12.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.15.47.jpg:com.dropbox.attributes [619]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.16.02.jpg:com.dropbox.attributes [1240]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.16.17.jpg:com.dropbox.attributes [1236]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.27.22.jpg:com.dropbox.attributes [1232]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.27.29.jpg:com.dropbox.attributes [1240]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.27.32.jpg:com.dropbox.attributes [1230]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.27.35.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.28.07.jpg:com.dropbox.attributes [1234]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.31.26.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.31.37.jpg:com.dropbox.attributes [1234]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.31.47.jpg:com.dropbox.attributes [1244]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.31.54.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.36.15.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.36.21.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.40.31.mov:com.dropbox.attributes [1190]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 23.05.08.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-20 21.07.42.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-20 21.19.45.jpg:com.dropbox.attributes [1194]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-20 21.19.47.jpg:com.dropbox.attributes [1196]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-21 14.42.37.jpg:com.dropbox.attributes [1246]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-21 14.48.20.jpg:com.dropbox.attributes [1246]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-22 14.29.15.png:com.dropbox.attributes [1198]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-22 14.30.28.png:com.dropbox.attributes [1192]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-24 21.32.51.jpg:com.dropbox.attributes [1248]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-26 21.16.14.jpg:com.dropbox.attributes [1244]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7916 mehr Seiten.

IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\123simsen.com -> www.123simsen.com

Da befinden sich 7917 mehr Seiten.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2017-02-23 06:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4016997756-889063991-563976297-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: NAUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Erinnerung.lnk => C:\Windows\pss\Erinnerung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk => C:\Windows\pss\t@x aktuell.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk => C:\Windows\pss\VR-NetWorld Auftragsprüfung.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVMFBoxMonitor => "C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: daCAPI => "C:\Program Files (x86)\daCAPI\daCAPI.exe" /auto
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Duden Korrektor SysTray => C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: InstallManager => E:\st.exe /CONT
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PAC7302_Monitor => C:\Windows\PixArt\PAC7302\Monitor.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SmartCallMonitor => C:\Program Files (x86)\JAM Software\SmartCallMonitor\SmartCallMonitor.exe
MSCONFIG\startupreg: SugarSync => "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
HKLM\...\StartupApproved\StartupFolder: => "FriFax32 - Verknüpfung.lnk"
HKLM\...\StartupApproved\StartupFolder: => "JFritz.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Das Telefonbuch Browserlösung.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "%RunKey%"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{0552A074-95A6-47FD-93DB-AB44431A4D33}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe] => (Allow) C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe
FirewallRules: [TCP Query User{4B20D3EA-56D2-408F-B2ED-46F4F0669EF2}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe] => (Allow) C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe
FirewallRules: [UDP Query User{12414602-D1BA-4CF8-9AFC-89DB3FB9E2EC}C:\program files (x86)\fritz!\friver32.exe] => (Allow) C:\program files (x86)\fritz!\friver32.exe
FirewallRules: [TCP Query User{BE79240E-911B-4C91-8E3F-515CD7C5E024}C:\program files (x86)\fritz!\friver32.exe] => (Allow) C:\program files (x86)\fritz!\friver32.exe
FirewallRules: [{210729ED-99B3-4C90-8567-2B75CF337CA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E407A13E-D977-413C-81D4-3F3E776DDEC4}] => (Allow) LPort=2869
FirewallRules: [{8204DEB6-CCBD-43D4-8BD2-29407734ABCB}] => (Allow) LPort=1900
FirewallRules: [{BEEF6954-2D8E-4FEA-8399-8DDA2BF376D9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D96192B3-5EC4-4A94-92EB-7284B635724C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{0CAC57E3-D2EC-4A1B-A10B-6126858B047C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{802328A3-C5C6-4C5A-A624-CAA584D9B00A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C05C195A-3B3D-4498-B7DD-1705A1EBCFFE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6B27F1D1-1CE4-42B6-A11F-6FD9193821C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{272E7C97-E477-4AD7-85BC-9B13839FBEFB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{B80BD926-62EB-457A-9A61-9EB6A3F906A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{2212748C-092D-49EB-9691-94AFEF7E4B1A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{69A0757C-178D-43D6-940D-1C8AE9F9C84F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{FE016203-2EE2-43BA-A1EF-C35DD9E845D5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{42DDCF1E-0861-45AB-939C-224C2A3B7FDB}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{2A934D67-CC63-4E99-8918-0CEC71005391}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [UDP Query User{1056B8D7-9419-4FBB-BF2B-96553CD7F05F}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [TCP Query User{2DD32AF0-1802-4DE4-9672-266FCDB58D43}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [UDP Query User{F4C119E6-5B66-45CD-9B89-B9B40880DBA7}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [{F9AC49DD-3E25-47C9-86D7-98A9B2ECA668}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5FB97470-5AF2-452A-A990-562D9946DF2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{90A396C5-3F74-4CC2-94CE-3FD577352531}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BB337C31-DB05-483A-BBBE-C49B0C666E4E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BACBBFF4-ECD1-4D02-B415-7147E04A9FD7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7B307F34-DD67-4989-B5E1-F171AD5E54DC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{313BE467-03ED-4665-8B41-116CEAB27115}C:\program files (x86)\fritz!vox\fritz!vox.exe] => (Allow) C:\program files (x86)\fritz!vox\fritz!vox.exe
FirewallRules: [UDP Query User{B996EFF6-8C05-4BE8-80A4-A4B4BB993E58}C:\program files (x86)\fritz!vox\fritz!vox.exe] => (Allow) C:\program files (x86)\fritz!vox\fritz!vox.exe
FirewallRules: [{C55D4605-46B6-4E5A-84F2-5FAD8DA8C9F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DBFB90B6-6F04-43D6-B010-BE6F07359244}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C05B2B38-910B-41D7-9067-AACE8430C136}] => (Allow) C:\Program Files (x86)\Music Recorder\Music Recorder 2016\Audials.exe
FirewallRules: [{ACC0478C-3F99-427E-AD0B-789EE107DB05}] => (Allow) LPort=12972
FirewallRules: [{88AA4E00-FF66-4222-B385-23822E05C8DB}] => (Allow) LPort=14714
FirewallRules: [{1E2FCD38-FB2E-4461-BA00-DA3A6E103D1E}] => (Allow) LPort=31931
FirewallRules: [TCP Query User{DF5E1045-28C1-4543-B43F-E6606DB3858A}C:\program files (x86)\medion\medion nas tool\medion nas tool.exe] => (Allow) C:\program files (x86)\medion\medion nas tool\medion nas tool.exe
FirewallRules: [UDP Query User{17556B1D-13FA-4B65-A8F2-37F1E220C6E3}C:\program files (x86)\medion\medion nas tool\medion nas tool.exe] => (Allow) C:\program files (x86)\medion\medion nas tool\medion nas tool.exe
FirewallRules: [{9B9999FB-DFD9-4C9B-8480-B59E8408A79A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{849E1D66-C46C-46BF-82E3-B48F836B2BA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{56EB73CB-1588-4EFC-9D8B-D7539ADE2A9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A549D9F8-4F94-466F-8D05-F52742BB01BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B9950044-453E-4F9C-A765-E0C789BCBF9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AA8A2C99-D58A-41E0-8EB5-692B0B285D62}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{7F1BB054-BBC3-4E25-BFED-195E98617235}] => (Allow) C:\Program Files\7-Zip\7zFM.exe

==================== Wiederherstellungspunkte =========================

19-02-2017 19:18:09 Windows Update
20-02-2017 17:04:47 JRT Pre-Junkware Removal
22-02-2017 11:45:13 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/23/2017 08:19:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/23/2017 08:18:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/23/2017 08:16:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/23/2017 08:15:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/23/2017 08:14:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/23/2017 08:13:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/23/2017 08:11:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/23/2017 08:10:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/23/2017 08:09:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/23/2017 08:08:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (02/23/2017 08:19:52 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/23/2017 08:18:48 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/23/2017 08:16:48 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/23/2017 08:15:45 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/23/2017 08:14:08 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/23/2017 08:13:05 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/23/2017 08:11:25 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/23/2017 08:10:22 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/23/2017 08:09:06 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/23/2017 08:08:03 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server


CodeIntegrity:
===================================
  Date: 2017-02-23 06:49:34.019
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-22 10:53:34.527
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-21 21:37:21.783
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-21 21:28:04.077
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-21 20:59:41.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-21 18:47:01.853
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-21 05:53:43.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-20 15:49:16.838
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-02-20 15:49:16.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-02-20 15:49:16.728
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz
Prozentuale Nutzung des RAM: 63%
Installierter physikalischer RAM: 4077.64 MB
Verfügbarer physikalischer RAM: 1478.52 MB
Summe virtueller Speicher: 8173.64 MB
Verfügbarer virtueller Speicher: 4457.57 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:1831.92 GB) (Free:1561.33 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:11.62 GB) NTFS
Drive k: (Backup) (Fixed) (Total:292.97 GB) (Free:225.31 GB) NTFS
Drive l: (Data) (Fixed) (Total:292.97 GB) (Free:91.9 GB) NTFS
Drive m: (Copy) (Fixed) (Total:292.97 GB) (Free:291.52 GB) NTFS
Drive n: (Siemens) (Fixed) (Total:292.97 GB) (Free:30.03 GB) NTFS
Drive o: () (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive p: (Schneider) (Fixed) (Total:225.39 GB) (Free:82.33 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 59ECDFB3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1831.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 27E9BFE8)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

cosinus · 24.02.2017, 09:24

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

removeproxy:
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

cosinus · 24.02.2017, 09:24

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

removeproxy:
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

OhSchreck! · 24.02.2017, 18:26

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
durchgeführt von Thomas Keune (24-02-2017 18:11:17) Run:3
Gestartet von C:\Users\Thomas Keune\Desktop
Geladene Profile: Thomas Keune (Verfügbare Profile: Thomas Keune)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
removeproxy:
emptytemp:
*****************


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4016997756-889063991-563976297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4016997756-889063991-563976297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8645526 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -408067 B
Edge => 0 B
Chrome => 0 B
Firefox => 5316529 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8222 B
NetworkService => 1058 B
Thomas Keune => 252608 B
DefaultAppPool => 0 B

RecycleBin => 131512 B
EmptyTemp: => 13.3 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 18:11:25 ====

22.02.2017, 12:08	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Antivir meldet Verbindungsfehler - Überprüfen Sie Ihre Internetverbindung und Defender lässt sich nicht aktivieren. Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken __________________ Logfiles bitte immer in CODE-Tags posten

23.02.2017, 09:42	#25
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Antivir meldet Verbindungsfehler - Überprüfen Sie Ihre Internetverbindung und Defender lässt sich nicht aktivieren. schön Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken __________________ Logfiles bitte immer in CODE-Tags posten

Antivir meldet Verbindungsfehler - Überprüfen Sie Ihre Internetverbindung und Defender lässt sich nicht aktivieren.

Plagegeister aller Art und deren Bekämpfung: Antivir meldet Verbindungsfehler - Überprüfen Sie Ihre Internetverbindung und Defender lässt sich nicht aktivieren.