Win - 10 Nova / Rambler.ru malware und NPE 0x8 Fehler - Verdacht auf rootkit

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
durchgeführt von Martin Zenker (Administrator) auf MZ_YOGA_1 (23-02-2017 10:34:44)
Gestartet von C:\Users\mzenk_000\Downloads
Geladene Profile: Martin Zenker & alex_000 & DefaultAppPool (Verfügbare Profile: Martin Zenker & alex_000 & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Windows\System32\3DPrintService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(MakerBot) C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\runSW.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek) C:\Windows\SwUSB.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3dxpiemenus.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Syntek Ltd.) C:\Windows\STK03N\STK03NM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Flexera Software, Inc.) C:\Users\mzenk_000\AppData\Local\Temp\{4DDCB862-DCD6-4709-8D9A-D6F603C15D75}\ISBEW64.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-10-14] (Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-11-29] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-11-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-11-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo App Shop] => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2687520 2015-08-25] (Sony Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10571776 2016-01-27] (SecureMix LLC)
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\RunOnce: [Uninstall C:\Users\mzenk_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\mzenk_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk [2012-11-29]
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK03N PNP Monitor.lnk [2016-04-28]
ShortcutTarget: STK03N PNP Monitor.lnk -> C:\Windows\STK03N\STK03NM.exe (Syntek Ltd.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0dd36eb5-52b8-4a5d-b81f-f88aa9196f2c}: [DhcpNameServer] 80.146.165.25 46.16.220.98
Tcpip\..\Interfaces\{9979bf27-3ead-48b3-ba74-c5efe434be04}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{e082b941-bea0-4502-90fa-1a5edca624bb}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/?type=888596&fr=spigot-yhp-ie
HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {8A3FF90B-A977-47EC-9633-3E2C2D312AFD} URL = 
SearchScopes: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001 -> {8A3FF90B-A977-47EC-9633-3E2C2D312AFD} URL = 
SearchScopes: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014 -> {8A3FF90B-A977-47EC-9633-3E2C2D312AFD} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-02] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-02] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {F0C2A0FA-C11A-4B67-84ED-D62E95008822} hxxp://192.168.1.254/IPCConfig.exe

FireFox:
========
FF DefaultProfile: 1q2jlbpz.default
FF ProfilePath: C:\Users\mzenk_000\AppData\Roaming\CLIQZ\Profiles\1q2jlbpz.default [2016-12-08]
FF Extension: (Cliqz) - C:\Users\mzenk_000\AppData\Roaming\CLIQZ\Profiles\1q2jlbpz.default\Extensions\cliqz@cliqz.com.xpi [2016-11-15] [ist nicht signiert]
FF Extension: (HTTPS Everywhere) - C:\Program Files (x86)\CLIQZ\browser\features\https-everywhere@cliqz.com.xpi [2016-11-15] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-02] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin-x32: ChromeWebPlugin -> C:\Program Files (x86)\WebControl\npGS_ChromePlugins.dll [Keine Datei]
FF Plugin-x32: FireFoxWebPlugin -> C:\Program Files (x86)\WebControl\npGS_Plugins.dll [Keine Datei]
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2015-03-11] ()
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2015-03-11] ()
FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin HKU\.DEFAULT: ipc.com/ipc -> C:\Program Files (x86)\RegIPCPlugin\IPCPlugin\npipc.dll [2013-07-25] (IPC)
FF Plugin HKU\S-1-5-21-2553620308-2587970361-2745048916-1001: ajvision.com/webconfig -> C:\WINDOWS\system32\WEBConfig2\npwebconfig.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2553620308-2587970361-2745048916-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2553620308-2587970361-2745048916-1001: ipc.com/ipc -> C:\Program Files (x86)\RegIPCPlugin\IPCPlugin\npipc.dll [2013-07-25] (IPC)
FF Plugin HKU\S-1-5-21-2553620308-2587970361-2745048916-1001: tpsee.com/ipcctrl -> C:\WINDOWS\system32\IPCConfigV2\npipcctrl.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2553620308-2587970361-2745048916-1014: ajvision.com/webconfig -> C:\windows\system32\WEBConfig2\npwebconfig.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2553620308-2587970361-2745048916-1014: tpsee.com/ipcctrl -> C:\windows\system32\IPCConfigV2\npipcctrl.dll [Keine Datei]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Extension: (Google Präsentationen) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-22]
CHR Extension: (Google Docs) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-22]
CHR Extension: (Google Drive) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-22]
CHR Extension: (YouTube) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-22]
CHR Extension: (Google Tabellen) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-22]
CHR Extension: (Google Mail) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2014-02-16]

Opera: 
=======
OPR Extension: (Adguard Werbeblocker) - C:\Users\mzenk_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2017-01-12]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 3DPrintService; C:\windows\system32\3DPrintService.exe [181752 2015-02-05] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2016-09-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
S3 CliqzMaintenance; C:\Program Files (x86)\Cliqz Maintenance Service\maintenanceservice.exe [175392 2016-11-15] (Cliqz GmbH)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [18368 2017-01-12] (Cybereason)
S2 debugregsvc; C:\WINDOWS\System32\debugregsvc.dll [29184 2016-07-15] (Microsoft Corporation)
S3 DeveloperToolsService; C:\WINDOWS\System32\DeveloperToolsSvc.exe [104448 2016-07-15] (Microsoft Corporation)
S2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115656 2013-10-14] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [118728 2013-10-14] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [124904 2013-10-14] (Intel Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [Datei ist nicht signiert]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8915968 2016-01-27] (SecureMix LLC)
S2 HitmanPro37CrusaderBoot; C:\Users\mzenk_000\Downloads\hitmanpro_x64 (1).exe [11581544 2017-02-22] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [17408 2016-09-14] (Microsoft Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S4 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
R2 MakerBot Conveyor Service; C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe [85504 2016-08-19] (MakerBot) [Datei ist nicht signiert]
R2 Mgl3DCtlrRPCService; C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe [57856 2014-11-13] (3Dconnexion) [Datei ist nicht signiert]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [227680 2011-08-12] ()
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [25088 2016-03-04] (The OpenVPN Project) [Datei ist nicht signiert]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [496160 2015-08-25] (Sony Corporation)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [303896 2017-02-22] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [89880 2016-09-30] (Reason Software Company Inc.)
R2 RunSwUSB; C:\Windows\runSW.exe [44104 2013-05-23] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 SshBroker; C:\WINDOWS\System32\SshBroker.dll [360960 2016-12-21] (Microsoft Corporation)
R3 SshProxy; C:\WINDOWS\System32\SshProxy.dll [275456 2016-12-21] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] () [Datei ist nicht signiert]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WebManagement; C:\WINDOWS\system32\WebManagement.exe [1000448 2016-09-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 3dxhid; C:\WINDOWS\System32\drivers\3dxhid.sys [38672 2014-11-07] (3Dconnexion SAM)
S3 AX88179; C:\WINDOWS\System32\drivers\ax88179_178a.sys [74240 2016-07-16] (ASIX Electronics Corp.)
S3 DCamUSBSTK03N; C:\WINDOWS\system32\DRIVERS\STK03NW2.sys [113288 2010-01-05] (Syntek Ltd.)
S3 DCamUSBSTK03N; C:\Windows\SysWOW64\DRIVERS\STK03NW2.sys [108544 2010-01-05] (Syntek Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-14] (Intel Corporation)
S3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [290256 2013-10-14] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [494808 2013-10-14] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2016-02-26] (Intel Corporation)
R3 DUBE100B; C:\WINDOWS\System32\drivers\DUBE100B.sys [49152 2013-10-23] (D-Link Corporation)
S3 ewusbnet; C:\WINDOWS\System32\drivers\ewusbnet.sys [415232 2011-10-18] (Huawei Technologies Co., Ltd.)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-02-22] ()
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 KMJHidMini; C:\WINDOWS\System32\drivers\3dxkmj.sys [18944 2013-10-08] (3Dconnextion Inc.)
R3 KMJShim; C:\WINDOWS\System32\drivers\3dxshim.sys [7168 2013-10-08] (3Dconnextion Inc.)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2013-12-05] (hxxp://libusb-win32.sourceforge.net)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2013-12-04] (hxxp://libusb-win32.sourceforge.net)
S3 MakerBotUsbFilter; C:\WINDOWS\system32\DRIVERS\MakerBotUsbFilter.sys [18712 2013-11-12] ()
S3 MS3dPrintUSB; C:\WINDOWS\system32\DRIVERS\MS3DPrintUSB.sys [24072 2015-02-05] ()
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [Datei ist nicht signiert]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 prwntdrv; C:\WINDOWS\system32\prwntdrv.sys [16776 2010-08-25] () [Datei ist nicht signiert]
S3 prwntdrv; C:\WINDOWS\SysWOW64\prwntdrv.sys [13704 2010-08-25] () [Datei ist nicht signiert]
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [624456 2015-07-07] (Realtek Semiconductor Corporation)
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [422656 2016-03-09] (Realsil Semiconductor Corporation)
R3 SaiK1705; C:\WINDOWS\system32\DRIVERS\SaiK1705.sys [180584 2012-09-20] (Saitek)
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1705; C:\WINDOWS\System32\drivers\SaiU1705.sys [47208 2012-09-20] (Saitek)
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 silabenm; C:\WINDOWS\system32\DRIVERS\silabenm.sys [27336 2013-11-08] (Silicon Laboratories) [Datei ist nicht signiert]
S3 silabser; C:\WINDOWS\system32\DRIVERS\silabser.sys [73216 2013-11-08] (Silicon Laboratories) [Datei ist nicht signiert]
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [772480 2015-12-25] (Sunplus)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 sxuptp; C:\WINDOWS\System32\drivers\sxuptp.sys [310496 2014-06-17] (silex technology, Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [Datei ist nicht signiert]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 WLNdis50; C:\WINDOWS\system32\DRIVERS\wlndis50.sys [35840 2014-06-05] ()
R2 WLNdis50; C:\Windows\SysWOW64\DRIVERS\wlndis50.sys [35840 2014-06-05] ()
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-02-22] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-22] (Zemana Ltd.)
U0 aswVmm; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

NETSVC: debugregsvc -> C:\Windows\System32\debugregsvc.dll (Microsoft Corporation)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-23 10:34 - 2017-02-23 10:35 - 00036932 _____ C:\Users\mzenk_000\Downloads\FRST.txt
2017-02-23 10:34 - 2017-02-23 10:34 - 00000000 ____D C:\FRST
2017-02-23 10:32 - 2017-02-23 10:32 - 02423296 _____ (Farbar) C:\Users\mzenk_000\Downloads\FRST64.exe
2017-02-23 10:29 - 2017-02-23 10:33 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\NPE
2017-02-23 10:29 - 2017-02-23 10:29 - 03435768 _____ (Symantec Corporation) C:\Users\mzenk_000\Downloads\NPE (1).exe
2017-02-23 10:29 - 2017-02-23 10:29 - 00000000 ____D C:\ProgramData\Norton
2017-02-23 10:26 - 2017-02-23 10:26 - 03435768 _____ (Symantec Corporation) C:\Users\mzenk_000\Downloads\NPE.exe
2017-02-23 10:21 - 2017-02-23 10:21 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-23 10:21 - 2017-02-23 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-23 10:21 - 2017-02-23 10:21 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-23 10:21 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-23 10:13 - 2017-02-23 10:20 - 55566792 _____ (Malwarebytes ) C:\Users\mzenk_000\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-23 09:47 - 2017-02-23 09:47 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-02-23 09:47 - 2017-02-23 09:47 - 00000424 _____ C:\WINDOWS\system32\bootdelete.lst
2017-02-22 20:39 - 2017-02-22 20:39 - 00000000 _____ C:\Users\mzenk_000\Desktop\Unbenannt.uafi
2017-02-22 18:04 - 2017-02-22 18:04 - 00003642 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityScheduledScan
2017-02-22 18:04 - 2017-02-22 18:04 - 00003510 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityStart
2017-02-22 18:04 - 2017-02-22 18:04 - 00000000 ____D C:\ProgramData\Reason
2017-02-22 18:03 - 2017-02-22 18:03 - 06406240 _____ (Reason Software Company Inc.) C:\Users\mzenk_000\Desktop\reason-core-security-setup.exe
2017-02-22 18:03 - 2017-02-22 18:03 - 00000959 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2017-02-22 18:03 - 2017-02-22 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2017-02-22 18:03 - 2017-02-22 18:03 - 00000000 ____D C:\Program Files\Reason
2017-02-22 12:42 - 2017-02-22 12:42 - 00000000 __RHD C:\Users\mzenk_000\Desktop\ Cybereason RansomFree
2017-02-22 12:42 - 2017-02-22 12:42 - 00000000 ___HD C:\Users\mzenk_000\Documents\Zibrd
2017-02-22 12:42 - 2017-02-22 12:42 - 00000000 ___HD C:\Users\mzenk_000\Documents\2014-05-3 1KaL
2017-02-22 12:41 - 2017-02-22 12:41 - 00516193 _____ C:\Users\akyDYS\transferred displace painful.xlsx
2017-02-22 12:41 - 2017-02-22 12:41 - 00514358 _____ C:\Users\Q1YXi\sVY.xlsx
2017-02-22 12:41 - 2017-02-22 12:41 - 00220520 _____ C:\Users\akyDYS\viennauprightdirectors.mdb
2017-02-22 12:41 - 2017-02-22 12:41 - 00207408 _____ C:\Users\Q1YXi\prize conflict tidy.mdb
2017-02-22 12:41 - 2017-02-22 12:41 - 00072351 _____ C:\Users\akyDYS\srA1e.xls
2017-02-22 12:41 - 2017-02-22 12:41 - 00061331 _____ C:\Users\Q1YXi\EAJOdDC.xls
2017-02-22 12:41 - 2017-02-22 12:41 - 00053245 _____ C:\Users\Q1YXi\8SUSD1lxZhbG.pem
2017-02-22 12:41 - 2017-02-22 12:41 - 00052457 _____ C:\Users\akyDYS\8z7MF4fqM.pem
2017-02-22 12:41 - 2017-02-22 12:41 - 00035851 _____ C:\Users\Q1YXi\3ZYxLc9.txt
2017-02-22 12:41 - 2017-02-22 12:41 - 00022622 _____ C:\Users\akyDYS\1k0M1.sql
2017-02-22 12:41 - 2017-02-22 12:41 - 00014652 _____ C:\Users\Q1YXi\rise comfort.sql
2017-02-22 12:41 - 2017-02-22 12:41 - 00011363 _____ C:\Users\akyDYS\set.calm.cape.txt
2017-02-22 12:41 - 2017-02-22 12:41 - 00000000 ___HD C:\Users\Q1YXi
2017-02-22 12:41 - 2017-02-22 12:41 - 00000000 ___HD C:\Users\akyDYS
2017-02-22 12:41 - 2017-02-22 12:41 - 00000000 ____D C:\Xpu1Slb
2017-02-22 12:41 - 2017-02-22 12:41 - 00000000 ____D C:\WINDOWS\Panther
2017-02-22 12:41 - 2017-02-22 12:41 - 00000000 ____D C:\1455aVRZ
2017-02-22 12:40 - 2017-02-23 09:47 - 00000524 _____ C:\WINDOWS\system32\.crusader
2017-02-22 12:27 - 2017-02-22 12:41 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-02-22 12:27 - 2017-02-22 12:41 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-22 12:26 - 2017-02-22 12:27 - 11581544 _____ (SurfRight B.V.) C:\Users\mzenk_000\Downloads\hitmanpro_x64 (1).exe
2017-02-22 12:17 - 2017-02-22 12:18 - 00003734 _____ C:\Users\mzenk_000\Desktop\Rkill.txt
2017-02-22 12:02 - 2017-02-23 10:34 - 00674844 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-22 12:02 - 2017-02-23 10:34 - 00645391 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-22 12:02 - 2017-02-22 12:02 - 14449600 _____ (Copyright 2017.) C:\Users\mzenk_000\Downloads\Zemana.AntiMalware.Portable.exe
2017-02-22 12:02 - 2017-02-22 12:02 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-02-22 12:02 - 2017-02-22 12:02 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-02-22 12:02 - 2017-02-22 12:02 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Zemana
2017-02-22 11:54 - 2017-02-22 11:55 - 00316816 _____ C:\TDSSKiller.3.1.0.12_22.02.2017_11.54.43_log.txt
2017-02-22 11:54 - 2017-02-22 11:54 - 04747704 _____ (AO Kaspersky Lab) C:\Users\mzenk_000\Downloads\tdsskiller.exe
2017-02-22 11:42 - 2017-02-22 11:52 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-22 11:42 - 2017-02-22 11:52 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-22 11:41 - 2017-02-22 11:41 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\mzenk_000\Downloads\flashplayer24pp_da_install.exe
2017-02-22 10:16 - 2017-02-22 10:18 - 00000000 ____D C:\Users\mzenk_000\Desktop\funk
2017-02-21 16:19 - 2017-02-21 16:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7f26db0a4933127e
2017-02-21 16:16 - 2017-02-21 16:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7012e679b3cdbef1
2017-02-21 14:11 - 2017-02-21 14:11 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigndd822a315bd2fb18
2017-02-21 14:11 - 2017-02-21 14:11 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigndc683d65d21136c8
2017-02-21 14:11 - 2017-02-21 14:11 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign106a730f97475271
2017-02-21 12:44 - 2017-02-21 12:44 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign49ae2af517fc5c58
2017-02-21 12:43 - 2017-02-21 12:43 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc53783aa983d2a83
2017-02-21 11:36 - 2017-02-21 11:36 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne0769834de9bd005
2017-02-21 11:36 - 2017-02-21 11:36 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4f800e60bde24a70
2017-02-21 11:36 - 2017-02-21 11:36 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4baf574cc4a8d27d
2017-02-21 11:28 - 2017-02-21 11:28 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignf06cef9267c87ee3
2017-02-21 11:28 - 2017-02-21 11:28 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4eff38e8db3cf107
2017-02-21 11:27 - 2017-02-21 11:27 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign56cd0fcb8de5d081
2017-02-21 09:04 - 2017-02-22 18:19 - 00000000 ____D C:\Program Files (x86)\UC
2017-02-21 09:04 - 2017-02-21 09:04 - 00001021 _____ C:\Users\Public\Desktop\UC.lnk
2017-02-21 08:37 - 2017-02-21 08:37 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign363f4652aac7f3f1
2017-02-21 08:36 - 2017-02-21 08:36 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigncaa405149411c168
2017-02-21 07:45 - 2017-02-21 07:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd2bbff85e07918b4
2017-02-21 07:45 - 2017-02-21 07:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign49aac4c9437b8cee
2017-02-21 07:45 - 2017-02-21 07:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign14020a0f1e77e812
2017-02-21 07:44 - 2017-02-21 07:44 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne4d9e333266c0b88
2017-02-21 07:44 - 2017-02-21 07:44 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc17a6ecec7d8bc22
2017-02-21 07:44 - 2017-02-21 07:44 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna66ffdcdd968ebdf
2017-02-21 07:38 - 2017-02-21 07:38 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignda063bb2f1289280
2017-02-21 07:38 - 2017-02-21 07:38 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign58420517735a9b9c
2017-02-21 07:30 - 2017-02-21 07:30 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc16edab1fda1e87b
2017-02-21 07:30 - 2017-02-21 07:30 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9db95f2bec3f014b
2017-02-20 23:32 - 2017-02-20 23:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9667c3bd1b6cad1e
2017-02-20 23:15 - 2017-02-20 23:15 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigndcfad7ab9320a176
2017-02-20 23:15 - 2017-02-20 23:15 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignda36507a1f2319d1
2017-02-20 23:14 - 2017-02-20 23:14 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1e10687bb9d87204
2017-02-20 23:07 - 2017-02-20 23:07 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc7383a4717f93c60
2017-02-20 23:00 - 2017-02-20 23:00 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign02031925d2895d24
2017-02-20 22:59 - 2017-02-20 22:59 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign3a33744224791093
2017-02-20 22:58 - 2017-02-20 22:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignfed99dc4589e5e3b
2017-02-20 22:58 - 2017-02-20 22:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne8637107747c211d
2017-02-20 22:58 - 2017-02-20 22:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne10dc75ae43b8142
2017-02-20 22:58 - 2017-02-20 22:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna1f9734973fae393
2017-02-20 16:07 - 2017-02-20 16:07 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne415bed2d394f8c3
2017-02-20 14:38 - 2017-02-20 14:38 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne19eefa3b0ccf58d
2017-02-20 14:38 - 2017-02-20 14:38 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd96c8a410bf9fe14
2017-02-20 14:38 - 2017-02-20 14:38 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign126c813ef87c6e51
2017-02-20 14:37 - 2017-02-20 14:37 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigndfbc714a83173ccb
2017-02-20 14:33 - 2017-02-20 14:33 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9c3bd7c420580f53
2017-02-20 14:32 - 2017-02-20 14:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7d73408497e137fb
2017-02-20 14:20 - 2017-02-20 14:20 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign23f23f622c6519d4
2017-02-20 14:19 - 2017-02-20 14:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc97b7c8c81fa117e
2017-02-20 14:19 - 2017-02-20 14:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignbef781058f15b7f0
2017-02-20 14:19 - 2017-02-20 14:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4dde062d9c54892b
2017-02-20 14:19 - 2017-02-20 14:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1d79ad993129aac8
2017-02-20 12:20 - 2017-02-20 12:20 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign848c08f209520c73
2017-02-20 12:19 - 2017-02-20 12:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign13d14c53619ffc01
2017-02-20 12:18 - 2017-02-20 12:18 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignfdfcae806561652c
2017-02-20 12:18 - 2017-02-20 12:18 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne91ae1f7d1eba320
2017-02-20 12:18 - 2017-02-20 12:18 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4654f58f9857fa60
2017-02-18 11:02 - 2017-02-18 11:02 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9c0f88bfe9d3dd44
2017-02-18 11:01 - 2017-02-18 11:01 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignbaaf037bfd15b1f9
2017-02-18 11:01 - 2017-02-18 11:01 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna058f9c95b1f2dea
2017-02-17 18:05 - 2017-02-17 18:05 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignfde3140021b60f06
2017-02-17 18:04 - 2017-02-17 18:04 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignfbf68b1b6fdf6a5b
2017-02-17 15:22 - 2017-02-17 15:22 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign682f7b41212e439a
2017-02-17 13:41 - 2017-02-17 13:41 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign785bf2dce2060654
2017-02-17 11:34 - 2017-02-17 11:34 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignf0f68ffbb638e886
2017-02-16 21:13 - 2017-02-16 21:13 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign914ec2e6746d24c9
2017-02-16 18:20 - 2017-02-16 18:20 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign14cbc91f303a3bde
2017-02-16 17:48 - 2017-02-16 17:48 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd064987d536e674c
2017-02-16 17:47 - 2017-02-16 17:47 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign26b6e221d997388e
2017-02-16 17:46 - 2017-02-16 17:46 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc7ff97d410d188aa
2017-02-16 17:46 - 2017-02-16 17:46 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign10f04a517778d9f7
2017-02-16 17:11 - 2017-02-16 17:11 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc65d73d1631ebcf7
2017-02-16 17:08 - 2017-02-16 17:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignf8a832b01eb716c4
2017-02-16 17:08 - 2017-02-16 17:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1f0af582579988c7
2017-02-16 16:45 - 2017-02-16 16:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd159729d576db242
2017-02-16 16:45 - 2017-02-16 16:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign267f25a1a0e684cf
2017-02-16 16:44 - 2017-02-16 16:44 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignfe4d2e52d950ba99
2017-02-16 16:44 - 2017-02-16 16:44 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign2425db3c15d81f20
2017-02-16 16:43 - 2017-02-16 16:43 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb0161fc2dfebc8ec
2017-02-16 16:43 - 2017-02-16 16:43 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign0c7741804853ace2
2017-02-16 16:39 - 2017-02-16 16:39 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign3d6b0a09f4fd504d
2017-02-16 16:39 - 2017-02-16 16:39 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign0aefc66b401ab0c4
2017-02-16 16:34 - 2017-02-16 16:34 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignec9ee2589f9991d8
2017-02-16 16:34 - 2017-02-16 16:34 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign13722565e5571258
2017-02-16 16:33 - 2017-02-16 16:33 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign985e3b27a09a98e7
2017-02-16 16:33 - 2017-02-16 16:33 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign8333d1dc01829e44
2017-02-16 13:52 - 2017-02-16 13:52 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne15c34d2558ef35f
2017-02-16 13:52 - 2017-02-16 13:52 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign97de9fcbf995a9c6
2017-02-16 13:51 - 2017-02-16 13:51 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign909f476af60b03d0
2017-02-16 13:27 - 2017-02-16 13:27 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4275ebd056208641
2017-02-16 13:09 - 2017-02-16 13:09 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5beeac0d975285ec
2017-02-16 13:08 - 2017-02-16 13:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne88afef08fa6a26c
2017-02-16 13:08 - 2017-02-16 13:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7db61f06c73c131b
2017-02-16 13:07 - 2017-02-16 13:07 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne802c191006cc720
2017-02-16 13:07 - 2017-02-16 13:07 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb9fbb28027b3d633
2017-02-16 11:05 - 2017-02-16 11:05 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4796ddcaf9067c89
2017-02-16 11:04 - 2017-02-16 11:04 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd938129888ed70b4
2017-02-16 11:04 - 2017-02-16 11:04 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc0e10d8b85ad6d98
2017-02-16 10:34 - 2017-02-16 10:34 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne842fcc80bf3e4a5
2017-02-16 10:32 - 2017-02-16 10:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd8c1d5d9275e0a9a
2017-02-16 10:32 - 2017-02-16 10:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign18f18466713053dc
2017-02-16 10:32 - 2017-02-16 10:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign06e0e4d367433f97
2017-02-16 10:32 - 2017-02-16 10:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign0608a3c7c57f946a
2017-02-15 17:49 - 2017-02-15 17:49 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignefb7bb002230a3cd
2017-02-15 17:49 - 2017-02-15 17:49 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5bf168b350ada6d8
2017-02-15 16:46 - 2017-02-15 16:46 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd41d332e8e5e1a62
2017-02-15 16:46 - 2017-02-15 16:46 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign2e5d29f566963d38
2017-02-15 15:31 - 2017-02-15 15:31 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign492baf5f70dcef93
2017-02-15 15:27 - 2017-02-15 15:27 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign955e2546690217bf
2017-02-15 15:27 - 2017-02-15 15:27 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign32041dcedb3e9835
2017-02-15 15:26 - 2017-02-15 15:26 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd096911b8a1e0486
2017-02-15 15:26 - 2017-02-15 15:26 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign234f1f4ae72fd587
2017-02-15 12:59 - 2017-02-15 12:59 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign6ae67a975ea5b8be
2017-02-15 12:59 - 2017-02-15 12:59 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5ace8c50355aff8a
2017-02-14 15:26 - 2017-02-14 15:26 - 00023157 _____ C:\Users\mzenk_000\Downloads\full-page-navigation.zip
2017-02-14 15:23 - 2017-02-14 15:23 - 00026983 _____ C:\Users\mzenk_000\Downloads\gooey-menu-v1.zip
2017-02-14 15:00 - 2017-02-14 15:00 - 00029436 _____ C:\Users\mzenk_000\Downloads\gooey-menu-v4.zip
2017-02-14 14:55 - 2017-02-14 14:55 - 00029133 _____ C:\Users\mzenk_000\Downloads\angle-nav.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00167479 _____ C:\Users\mzenk_000\Downloads\News-Feed-Free-V2.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00097862 _____ C:\Users\mzenk_000\Downloads\Content-Locker-Free-V2.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00076310 _____ C:\Users\mzenk_000\Downloads\cool-countdownV21.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00035362 _____ C:\Users\mzenk_000\Downloads\Mailchimp-Signup-Form.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00025625 _____ C:\Users\mzenk_000\Downloads\cookie-policy-popup-V3.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00023810 _____ C:\Users\mzenk_000\Downloads\muse-password-protect1.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00023691 _____ C:\Users\mzenk_000\Downloads\HoverAnimationEffects.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00023416 _____ C:\Users\mzenk_000\Downloads\search-and-replace.zip
2017-02-13 15:35 - 2017-02-13 15:35 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb6f8e8206877e911
2017-02-13 14:28 - 2017-02-13 14:28 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign56f6d694b2e04b6b
2017-02-13 14:28 - 2017-02-13 14:28 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign18daaabdfa9a73e9
2017-02-13 14:28 - 2017-02-13 14:28 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign172abc1b5708c755
2017-02-13 14:19 - 2017-02-13 14:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign384744cf76406df2
2017-02-13 13:29 - 2017-02-13 13:29 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna11df168643eb5fb
2017-02-13 13:29 - 2017-02-13 13:29 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign2ac49be8ace554af
2017-02-13 10:04 - 2017-02-13 10:04 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne42b26e018191999
2017-02-13 10:04 - 2017-02-13 10:04 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb248c61ba1170207
2017-02-13 10:04 - 2017-02-13 10:04 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1142a570deb9672a
2017-02-13 10:02 - 2017-02-13 10:02 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignbe001cddd3ca882f
2017-02-13 10:01 - 2017-02-13 10:01 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignba68d35dc63165c8
2017-02-10 19:05 - 2017-02-13 17:50 - 00038261 _____ C:\Users\mzenk_000\Desktop\Test_PCB.T3001
2017-02-10 19:05 - 2017-02-13 17:50 - 00000000 ____D C:\Users\mzenk_000\Desktop\BackupFiles
2017-02-10 14:12 - 2017-02-10 14:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignaeabc3ee579df135
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignf0fa481281a5196a
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7515249099ccbb32
2017-02-10 10:20 - 2017-02-10 10:20 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign48ab21c6b95be5d9
2017-02-10 10:20 - 2017-02-10 10:20 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign3384cbd5878901c1
2017-02-10 09:18 - 2017-02-10 09:18 - 00000000 ____D C:\Users\mzenk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TARGET 3001! V18 discover
2017-02-10 09:18 - 2017-02-10 09:18 - 00000000 ____D C:\ProgramData\Okmbexyj0
2017-02-10 09:17 - 2017-02-10 09:18 - 00000000 ____D C:\Program Files (x86)\ELECTRA
2017-02-10 09:17 - 2017-02-10 09:17 - 00001324 _____ C:\Users\Public\Desktop\Target 3001! V18 discover.lnk
2017-02-10 09:17 - 2017-02-10 09:17 - 00001075 _____ C:\Users\mzenk_000\Desktop\ELECTRA.lnk
2017-02-10 09:17 - 2017-02-10 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TARGET 3001! V18 discover
2017-02-10 09:17 - 2017-02-10 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ELECTRA
2017-02-10 09:17 - 2017-02-10 09:17 - 00000000 ____D C:\Program Files (x86)\ibf
2017-02-10 09:12 - 2017-02-10 09:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign8c71d19af8e569e4
2017-02-10 09:12 - 2017-02-10 09:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7a59ce72730ddca8
2017-02-10 09:12 - 2017-02-10 09:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5048d17ade60ef3a
2017-02-10 08:53 - 2017-02-10 08:53 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignbf59e829652370c9
2017-02-10 08:53 - 2017-02-10 08:53 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign283e73481bc56a0a
2017-02-10 08:53 - 2017-02-10 08:53 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign11c9b47200ec4070
2017-02-09 14:02 - 2017-02-09 14:02 - 00394252 _____ C:\Users\mzenk_000\Desktop\170209_01_OF-NBB_N.pdf
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignf59a1d730f094f39
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigndcd87cbf3b53f024
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna9f8fb0bf2a339e3
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign98b93d005594c566
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna9347c0ec9f8d6e7
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign737a376c1362f98d
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5c1258d0053196f5
2017-02-09 12:17 - 2017-02-09 12:17 - 03060834 _____ C:\Users\mzenk_000\Downloads\170207_video_userart.pdf
2017-02-09 12:16 - 2017-02-09 12:16 - 07530944 _____ C:\Users\mzenk_000\Downloads\A4_pricing (1).pdf
2017-02-09 11:16 - 2017-02-09 11:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9856dcc15a1603ec
2017-02-09 11:16 - 2017-02-09 11:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4f2d1d882eeed158
2017-02-09 11:16 - 2017-02-09 11:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign187b2b4ad4340a8e
2017-02-09 11:16 - 2017-02-09 11:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign06464810f4c0df2a
2017-02-09 10:41 - 2017-02-09 11:24 - 00387203 _____ C:\Users\mzenk_000\Desktop\170208_01_OF-EDK_CCB.pdf
2017-02-07 18:49 - 2017-02-07 18:49 - 00000000 ____D C:\Users\mzenk_000\Desktop\fritz
2017-02-07 18:48 - 2017-02-07 18:48 - 50293250 _____ C:\Users\mzenk_000\Downloads\fritzing.0.9.2b.32.pc.zip
2017-02-07 18:45 - 2017-02-07 18:45 - 00000000 ____D C:\Users\mzenk_000\Desktop\fritzing.0.9.3b.64.pc
2017-02-07 18:31 - 2017-02-07 18:31 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign97121c07a75f8c52
2017-02-07 18:31 - 2017-02-07 18:31 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign88c1733fb2770e04
2017-02-07 18:31 - 2017-02-07 18:31 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4f09ad5c76a753f5
2017-02-07 18:06 - 2017-02-07 18:42 - 00000000 ____D C:\Users\mzenk_000\Downloads\fritzing.0.9.3b.64.pc
2017-02-07 17:20 - 2017-02-07 17:20 - 03060834 _____ C:\Users\mzenk_000\Desktop\170207_video_userart.pdf
2017-02-07 16:51 - 2017-02-07 16:51 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd1f6318c9d1600bc
2017-02-07 16:51 - 2017-02-07 16:51 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignbaaad3e3d6784574
2017-02-07 16:51 - 2017-02-07 16:51 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignaec88454634c9105
2017-02-07 12:09 - 2017-02-07 12:10 - 04009061 _____ C:\Users\mzenk_000\Downloads\Reolink-Client-Windows-v7.1.2.44.zip
2017-02-06 12:25 - 2017-02-06 12:25 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign53641ec6fdc715eb
2017-02-06 12:14 - 2017-02-06 12:14 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4f9d40a5c17806e6
2017-02-06 12:14 - 2017-02-06 12:14 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign06b388432c15f36f
2017-02-06 12:12 - 2017-02-06 12:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb97eb56002ecbdf2
2017-02-06 12:12 - 2017-02-06 12:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign6db7dce2268c1653
2017-02-06 12:12 - 2017-02-06 12:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign57d2c35bd783b793
2017-02-05 13:11 - 2017-02-05 13:11 - 36193624 _____ C:\Users\mzenk_000\Desktop\hz.7z
2017-02-05 13:08 - 2017-02-05 13:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigncd3e28d3e309604f
2017-02-05 13:08 - 2017-02-05 13:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc38f5e4111fd38dd
2017-02-05 13:08 - 2017-02-05 13:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7816e8e04de038af
2017-02-05 13:08 - 2017-02-05 13:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5ed70d4e258b8ad9
2017-02-05 13:05 - 2017-02-05 13:05 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd10a608de7703ed0
2017-02-05 13:05 - 2017-02-05 13:05 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9a522224ce47b2de
2017-02-05 13:05 - 2017-02-05 13:05 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign24999d1b2762cbfd
2017-02-05 13:00 - 2017-02-05 13:43 - 00000000 ____D C:\Users\mzenk_000\Desktop\hz
2017-02-05 12:55 - 2017-02-05 12:55 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign98b038aa59773bc5
2017-02-05 12:55 - 2017-02-05 12:55 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign986829465dc8b451
2017-02-05 12:55 - 2017-02-05 12:55 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign66b2c2ff01014dfe
2017-02-03 10:48 - 2017-02-03 10:48 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne71557b37b948fe0
2017-02-03 10:48 - 2017-02-03 10:48 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign8e71485dc7e2836d
2017-02-03 10:48 - 2017-02-03 10:48 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign2c5fd137c97afcc6
2017-02-02 18:16 - 2017-02-02 18:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignff1a577bd8dfce30
2017-02-02 13:51 - 2017-02-02 13:51 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigncfb76ba3b86d0f05
2017-02-02 13:51 - 2017-02-02 13:51 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign3c101241f5775b14
2017-02-02 11:32 - 2017-02-02 11:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign47b3c8d3a537346b
2017-02-02 10:36 - 2017-02-02 10:36 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna9238eb19aa5dd68
2017-02-02 10:35 - 2017-02-02 10:35 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign42ec664478d58e11
2017-02-02 10:35 - 2017-02-02 10:35 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign2106d3a2cdbe11e8
2017-02-02 10:04 - 2017-02-02 14:51 - 03188713 _____ C:\Users\mzenk_000\Desktop\test4.pdf
2017-02-02 09:14 - 2017-02-02 09:14 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1e5eaef36b1ad4bc
2017-02-02 09:06 - 2017-02-02 09:06 - 02965745 _____ C:\Users\mzenk_000\Desktop\newDesign_test.psd
2017-02-02 08:28 - 2017-02-02 08:28 - 03004084 _____ C:\Users\mzenk_000\Downloads\test2 (3).pdf
2017-02-01 19:48 - 2017-02-01 19:48 - 03004084 _____ C:\Users\mzenk_000\Downloads\test2 (2).pdf
2017-02-01 19:47 - 2017-02-01 19:47 - 03004084 _____ C:\Users\mzenk_000\Downloads\test2 (1).pdf
2017-02-01 19:45 - 2017-02-01 19:45 - 03004084 _____ C:\Users\mzenk_000\Downloads\test2.pdf
2017-02-01 19:33 - 2017-02-01 19:33 - 03004084 _____ C:\Users\mzenk_000\Desktop\test2.pdf
2017-02-01 18:53 - 2017-02-01 18:53 - 02992213 _____ C:\Users\mzenk_000\Desktop\test.pdf
2017-02-01 18:26 - 2017-02-01 18:26 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigneafda34b046ec09f
2017-02-01 17:45 - 2017-02-01 17:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign952e9cd8a44d7813
2017-02-01 17:45 - 2017-02-01 17:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign14d1df027716a70b
2017-02-01 16:03 - 2017-02-01 16:03 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9148140213c2537b
2017-02-01 16:03 - 2017-02-01 16:03 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign8e82a863e603aedf
2017-02-01 15:18 - 2017-02-01 15:18 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignace09b0a7f52a7c3
2017-02-01 10:33 - 2017-02-01 10:33 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign59940190a9e2853f
2017-02-01 10:32 - 2017-02-01 10:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9953110cc371eed4
2017-02-01 10:32 - 2017-02-01 10:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1006db2fc981619d
2017-01-31 17:53 - 2017-01-31 17:53 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne575d59ab15779ab
2017-01-31 17:28 - 2017-01-31 17:28 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignfe91425c6bd6027f
2017-01-31 17:18 - 2017-01-31 17:18 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign98586aa3c9734a36
2017-01-31 17:16 - 2017-01-31 17:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign10e97d07a757b601
2017-01-30 19:21 - 2017-01-30 19:21 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign8b3c826f78683fd5
2017-01-30 19:20 - 2017-01-30 19:20 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9c31088370a4d7e5
2017-01-30 19:11 - 2017-01-30 19:11 - 00007987 _____ C:\Users\mzenk_000\Desktop\_DSC9265.xmp
2017-01-30 18:58 - 2017-01-30 18:58 - 00007983 _____ C:\Users\mzenk_000\Desktop\_DSC9263.xmp
2017-01-30 18:58 - 2017-01-30 18:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb2def6a33deb50d4
2017-01-30 17:41 - 2017-01-30 17:41 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd929c642b92d88fa
2017-01-30 17:41 - 2017-01-30 17:41 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna4214f993abfeae1
2017-01-28 11:58 - 2017-01-28 11:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna685ba46f4e27a65
2017-01-28 11:58 - 2017-01-28 11:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign164608d3b2e25485
2017-01-28 11:58 - 2017-01-28 11:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign0b68d206c35efcfa
2017-01-28 11:57 - 2017-01-28 11:57 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne4126ea7a9335e56
2017-01-28 11:57 - 2017-01-28 11:57 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb674af7d755830ea
2017-01-25 12:04 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 12:04 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 16:16 - 2017-01-24 16:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign6fde0984c2759ff9
2017-01-24 16:16 - 2017-01-24 16:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign168b33ba7f6aea81
2017-01-24 15:30 - 2017-01-24 15:30 - 00001032 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2017.lnk
2017-01-24 15:29 - 2017-01-24 15:29 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7b6a5ea10806c973
2017-01-24 15:29 - 2017-01-24 15:29 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5fa4f1f0a76deb83
2017-01-24 15:29 - 2017-01-24 15:29 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1304b1a1720d4cda
2017-01-24 15:19 - 2017-01-24 15:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigndd4c16ce0ed3f0f3
2017-01-24 15:19 - 2017-01-24 15:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign97e7956eb4a47c28

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-23 10:35 - 2015-11-19 17:23 - 00000000 ____D C:\ProgramData\Tenable
2017-02-23 10:21 - 2016-04-01 12:34 - 00000000 ____D C:\Users\mzenk_000\Documents\Visual Studio 2015
2017-02-23 10:21 - 2015-07-01 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-23 10:20 - 2015-07-01 14:22 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2017-02-23 09:54 - 2016-09-14 13:17 - 00000000 ____D C:\Users\mzenk_000
2017-02-23 09:16 - 2016-09-14 13:14 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-23 07:02 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-23 07:02 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-23 02:00 - 2013-02-12 10:02 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Adobe
2017-02-22 20:48 - 2014-03-25 12:21 - 00000600 _____ C:\Users\mzenk_000\AppData\Local\PUTTY.RND
2017-02-22 18:25 - 2016-09-14 13:16 - 00000000 ____D C:\ProgramData\Razer
2017-02-22 18:25 - 2013-02-26 17:38 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Razer
2017-02-22 18:24 - 2016-09-14 13:16 - 00000000 ____D C:\Program Files (x86)\Razer
2017-02-22 18:22 - 2012-11-29 08:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-22 18:21 - 2016-09-14 13:56 - 00003738 _____ C:\WINDOWS\System32\Tasks\DriverMaxAgent
2017-02-22 18:17 - 2016-04-01 09:32 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2017-02-22 18:17 - 2015-07-29 11:46 - 00000000 ____D C:\Program Files (x86)\Bitcoin
2017-02-22 12:47 - 2016-09-14 13:17 - 04547644 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-22 12:47 - 2016-07-16 23:51 - 02073388 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-22 12:47 - 2016-07-16 23:51 - 00544078 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-22 12:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-02-22 12:41 - 2016-11-15 10:49 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-22 12:41 - 2016-09-14 13:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 12:41 - 2016-07-16 07:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-22 12:41 - 2015-11-19 17:23 - 00001024 _____ C:\.rnd
2017-02-22 12:41 - 2015-11-04 10:57 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-22 12:13 - 2016-09-14 14:02 - 00000306 __RSH C:\Users\mzenk_000\ntuser.pol
2017-02-22 12:13 - 2013-11-21 13:33 - 00000306 __RSH C:\ProgramData\ntuser.pol
2017-02-22 12:08 - 2013-04-06 22:23 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Google
2017-02-22 11:55 - 2014-09-06 19:24 - 00817796 _____ C:\Users\mzenk_000\Documents\MuseLog.txt
2017-02-22 11:47 - 2016-09-14 13:56 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-22 11:47 - 2016-09-14 13:56 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-22 11:42 - 2016-09-14 13:56 - 00004086 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-22 11:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-22 11:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-22 11:42 - 2013-04-06 22:23 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-22 10:31 - 2014-09-06 18:33 - 00000000 ____D C:\Users\mzenk_000\Desktop\userart
2017-02-22 09:41 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-21 10:11 - 2013-01-17 12:52 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Packages
2017-02-21 09:04 - 2017-01-08 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC
2017-02-21 07:45 - 2016-05-11 09:07 - 00000033 _____ C:\Users\mzenk_000\AppData\Roaming\AdobeWLCMCache.dat
2017-02-20 18:25 - 2013-02-28 11:43 - 00000000 ____D C:\Users\mzenk_000\AppData\Roaming\MakerBot
2017-02-15 15:41 - 2013-01-17 12:52 - 00000000 ____D C:\Users\mzenk_000\AppData\Roaming\Adobe
2017-02-13 10:01 - 2016-05-10 15:42 - 00000000 ___RD C:\Users\mzenk_000\Creative Cloud Files
2017-02-13 10:01 - 2014-02-13 09:56 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-02-10 09:18 - 2013-09-13 22:07 - 00000000 ____D C:\Users\mzenk_000\AppData\Roaming\ibf
2017-02-09 12:26 - 2016-11-03 12:05 - 00003976 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1478171135
2017-02-09 12:26 - 2016-11-03 12:05 - 00001131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-09 12:26 - 2014-03-11 14:25 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-07 17:59 - 2015-03-06 12:22 - 00000000 ____D C:\Users\mzenk_000\AppData\Roaming\Fritzing
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 18:26 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-06 16:45 - 2016-12-14 09:25 - 00001365 _____ C:\Users\mzenk_000\Desktop\Neues Textdokument (2).txt
2017-01-31 15:58 - 2016-12-08 15:22 - 00000000 ____D C:\Users\mzenk_000\Desktop\sales
2017-01-30 20:10 - 2016-11-22 19:28 - 00008256 _____ C:\Users\mzenk_000\Desktop\_DSC9255.xmp
2017-01-27 13:13 - 2013-04-25 11:31 - 00000000 ____D C:\Users\mzenk_000\Desktop\private
2017-01-26 18:42 - 2016-12-12 15:59 - 00000013 _____ C:\Users\mzenk_000\Desktop\karl.txt
2017-01-25 18:43 - 2017-01-17 11:17 - 00000000 ____D C:\Users\mzenk_000\Desktop\ste_edit
2017-01-24 16:16 - 2017-01-11 18:53 - 00000000 ____D C:\Users\mzenk_000\Documents\MobaXterm
2017-01-24 15:30 - 2013-02-12 10:45 - 00000000 ____D C:\Program Files\Adobe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-01-17 12:53 - 2013-01-19 10:33 - 0002347 _____ () C:\Users\mzenk_000\AppData\Roaming\AbsoluteReminder.xml
2013-10-06 10:56 - 2013-10-06 10:56 - 0000132 _____ () C:\Users\mzenk_000\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2014-10-15 07:59 - 2015-01-29 12:34 - 0000132 _____ () C:\Users\mzenk_000\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2016-05-11 09:07 - 2017-02-21 07:45 - 0000033 _____ () C:\Users\mzenk_000\AppData\Roaming\AdobeWLCMCache.dat
2013-02-26 17:52 - 2013-02-26 19:36 - 0001846 _____ () C:\Users\mzenk_000\AppData\Roaming\EliseProfile0.dat
2013-02-26 19:35 - 2013-02-26 19:36 - 0001820 _____ () C:\Users\mzenk_000\AppData\Roaming\EliseProfile1.dat
2015-12-19 19:13 - 2016-04-13 12:23 - 0000600 _____ () C:\Users\mzenk_000\AppData\Roaming\PUTTY.RND
2013-10-06 10:32 - 2013-10-06 10:32 - 0000000 _____ () C:\Users\mzenk_000\AppData\Roaming\sdsce.dll
2013-10-06 10:35 - 2013-10-06 10:35 - 0000000 _____ () C:\Users\mzenk_000\AppData\Roaming\systkr32.dll
2014-03-19 11:33 - 2014-12-12 09:28 - 0000600 _____ () C:\Users\mzenk_000\AppData\Roaming\winscp.rnd
2013-02-13 17:31 - 2016-05-06 08:48 - 0001456 _____ () C:\Users\mzenk_000\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-01-17 12:52 - 2016-03-03 12:26 - 0067415 _____ () C:\Users\mzenk_000\AppData\Local\BTServer.log
2014-01-15 13:32 - 2014-01-15 13:32 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\CFHDMNOQAIGPKHIHSRKO.75956.blb
2013-02-26 17:47 - 2013-02-26 17:47 - 0007875 _____ () C:\Users\mzenk_000\AppData\Local\CleanupUninstall.txt
2014-01-25 18:10 - 2014-01-25 18:10 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\CLNTFNCJIMJFDSTBSCHS.5108.blb
2013-12-18 15:28 - 2013-12-18 15:28 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\EFHHTCHONLPNPHRFQANH.30860.blb
2014-01-25 17:27 - 2014-01-25 17:27 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\FPISCFKGEBANHRLFIGGT.5108.blb
2013-12-18 16:44 - 2013-12-18 16:44 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\GBCTOPGKTCGSHDMETAJG.16708.blb
2014-01-25 15:52 - 2014-01-25 15:52 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\HFSSDHRKCHOFPQJHIOHJ.5108.blb
2014-01-15 12:50 - 2014-01-15 12:50 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\LTRMABHCTOJCOQEMCERM.75956.blb
2013-12-18 17:24 - 2013-12-18 17:24 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\NQNKIDCARMBCCFPMHNCI.15028.blb
2013-01-18 09:03 - 2013-07-17 13:09 - 0000008 ____H () C:\Users\mzenk_000\AppData\Local\pcdit.dat
2014-03-25 12:21 - 2017-02-22 20:48 - 0000600 _____ () C:\Users\mzenk_000\AppData\Local\PUTTY.RND
2015-01-15 16:11 - 2015-01-15 16:11 - 0000218 _____ () C:\Users\mzenk_000\AppData\Local\recently-used.xbel
2013-02-18 21:57 - 2013-11-04 12:44 - 0000369 _____ () C:\Users\mzenk_000\AppData\Local\RegisteredPackageInformation.xml
2013-10-30 10:43 - 2013-10-30 10:43 - 0000017 _____ () C:\Users\mzenk_000\AppData\Local\resmon.resmoncfg
2014-01-18 15:59 - 2014-01-18 15:59 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\RTHHCLTGFPJAKJKLANID.900792.blb
2013-11-11 12:22 - 2013-11-11 12:22 - 0000331 _____ () C:\Users\mzenk_000\AppData\Local\RunFromPB.rtfxoptions
2016-09-14 13:14 - 2016-09-14 13:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-01-18 09:02 - 2013-01-18 09:02 - 0000036 _____ () C:\ProgramData\InstallAlibre.config
2013-12-18 15:13 - 2013-12-18 15:13 - 0000090 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-20 12:57

==================== Ende von FRST.txt ============================