Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Lavasoft Entfernung (https://www.trojaner-board.de/194545-lavasoft-entfernung.html)

dirk_92 04.01.2019 22:44
Lavasoft Entfernung
 
Hallo zusammen,

beim Versuch das Spiel Factorio im Multiplayer zu spielen scheint es zu Komplikationen mit der LavasoftTcpService64.dll zu kommen. Keine Ahnung wo die herkommt ;-)

Ich würde mich freuen, wenn Ihr mir dabei helfen könnt, das Ding loszuwerden.

Ich habe mir FRST frisch runtergeladen, hier die Logs:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01.01.2019
durchgeführt von Admin (Administrator) auf DJ (04-01-2019 22:20:29)
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin & Fee-Jonas & Dirk (Verfügbare Profile: Admin & Fee-Jonas & Dirk)
Platform: Windows 8.1 Pro (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe
(Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-10-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-04] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12120104 2017-08-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-04] (AVAST Software)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3113768 2018-12-04] (Electronic Arts)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3113768 2018-12-04] (Electronic Arts)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [Amazon Music] => C:\Users\Fee-Jonas\AppData\Local\Amazon Music\Amazon Music.exe [23183848 2017-09-19] (Amazon Services LLC)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [MiPhoneManager] => C:\Users\Fee-Jonas\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [449464 2016-04-07] ()
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [Amazon Music Helper] => C:\Users\Fee-Jonas\AppData\Local\Amazon Music\Amazon Music Helper.exe [3977704 2017-09-19] (Amazon Services LLC)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49803112 2018-09-21] (Skype Technologies S.A.)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1115\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2011-02-18] (On2.com)
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2011-02-18] (On2.com)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [186368 2014-11-21] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Windows Mail\WinMail.exe [2014-11-21] (Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files (x86)\Windows Mail\WinMail.exe [2014-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-12-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-05-18]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Fee-Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2016-12-21]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-07] (Lavasoft Limited)
Hosts: 0.0.0.1        mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{E84189D4-3B18-4181-AC1D-0B9941A551E5}: [DhcpNameServer] 192.168.0.1 192.168.0.2

Internet Explorer:
==================
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://startpage.com/
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377645329489&tguid=66920-6787-1377645329489-73988A8FA453A62848B9595AB8BC7DA3&st=chrome&q=
HKU\S-1-5-21-1220723716-4126832292-3965305388-1115\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=&st=bs&tid=6787&ver=4.4&ts=1377645329489&tguid=66920-6787-1377645329489-73988A8FA453A62848B9595AB8BC7DA3&q={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377645329489&tguid=66920-6787-1377645329489-73988A8FA453A62848B9595AB8BC7DA3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D100715-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxps://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ff&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEyByCzyyE0EyByByB0DzytN0D0Tzu0SzyzzzztN1L2XzutAtFtAtFtAtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDzy0DtB0BzyyCyDtGzy0F0CtAtGtAtAtAyBtG0E0DzytDtGtBzzyC0C0CyDtC0B0CzytA0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0D0F0F0DtDyByCtGtByE0FtBtGyEyEzz0DtGzytAyCtAtGtA0CtBtCtD0EyDtCtBtBzytB2Q&cr=1404310169&ir=
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377645329489&tguid=66920-6787-1377645329489-73988A8FA453A62848B9595AB8BC7DA3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1002 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377645329489&tguid=66920-6787-1377645329489-73988A8FA453A62848B9595AB8BC7DA3&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-11-03] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-22] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  Keine Datei
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc.cab

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default [2019-01-04]
FF Homepage: Mozilla\Firefox\Profiles\e1j5k7a3.default -> hxxps://startpage.com
FF NewTab: Mozilla\Firefox\Profiles\e1j5k7a3.default -> hxxps://startpage.com
FF Extension: (Avast Online Security) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\Extensions\wrc@avast.com.xpi [2018-11-19]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\searchplugins\bing-lavasoft.xml [2015-10-07]
FF HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1220723716-4126832292-3965305388-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2018-12-29] ()

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-10-17] (Advanced Micro Devices) [Datei ist nicht signiert]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-04] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-04] (AVAST Software)
R2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [196760 2015-01-30] (Microsoft Corporation)
R2 DeviceHealthPluginMgr; C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe [244376 2015-01-30] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.895\McCHSvc.exe [405392 2018-12-11] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2270528 2018-12-04] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3131208 2018-12-04] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176632 2018-05-14] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305544 2016-10-18] (Advanced Micro Devices)
R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37304 2019-01-04] (AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [203488 2019-01-04] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [220688 2019-01-04] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196264 2019-01-04] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320888 2019-01-04] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58160 2019-01-04] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239808 2019-01-04] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46584 2019-01-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42488 2019-01-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166472 2019-01-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111992 2019-01-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88144 2019-01-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034056 2019-01-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474648 2019-01-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [218056 2019-01-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380144 2019-01-04] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\system32\DRIVERS\vpnva64-6.sys [50128 2012-12-10] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64; C:\WINDOWS\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys [44688 2014-09-19] (StdLib)
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-01-04 22:20 - 2019-01-04 22:20 - 000021634 _____ C:\Users\Admin\Desktop\FRST.txt
2019-01-04 22:19 - 2019-01-04 22:01 - 002426368 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2019-01-04 22:02 - 2019-01-04 22:03 - 000065511 _____ C:\Users\Fee-Jonas\Desktop\Addition.txt
2019-01-04 22:01 - 2019-01-04 22:20 - 000000000 ____D C:\FRST
2019-01-04 22:01 - 2019-01-04 22:03 - 000035312 _____ C:\Users\Fee-Jonas\Desktop\FRST.txt
2019-01-04 22:01 - 2019-01-04 22:01 - 002426368 _____ (Farbar) C:\Users\Fee-Jonas\Desktop\FRST64.exe
2019-01-04 21:51 - 2019-01-04 21:51 - 000361352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-01-04 21:51 - 2019-01-04 21:50 - 000320888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000220688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000196264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000058160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000037304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2018-12-28 00:30 - 2018-12-28 19:29 - 000000000 ____D C:\Users\Fee-Jonas\Documents\Shadow of the Tomb Raider
2018-12-28 00:30 - 2018-12-28 00:30 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Roaming\Eidos Montreal
2018-12-28 00:30 - 2018-12-28 00:30 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\NVIDIA Corporation
2018-12-20 13:53 - 2018-12-14 08:38 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-20 13:53 - 2018-12-14 07:33 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-16 18:05 - 2018-12-16 18:05 - 000002115 _____ C:\Users\Public\Desktop\WISO steuer Sparbuch 2019.lnk
2018-12-16 18:05 - 2018-12-16 18:05 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Buhl
2018-12-16 18:05 - 2018-12-16 18:05 - 000000000 ____D C:\Users\Admin\AppData\Local\wmain19
2018-12-16 18:05 - 2018-12-16 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2019
2018-12-14 16:08 - 2018-12-14 16:08 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-12-14 16:08 - 2018-12-14 16:08 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\Notepad++
2018-12-14 16:08 - 2018-12-14 16:08 - 000000000 ____D C:\Users\Admin\AppData\Local\Notepad++
2018-12-14 11:06 - 2018-11-28 10:39 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-12-14 11:06 - 2018-11-28 09:08 - 015441408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-14 11:06 - 2018-11-28 09:04 - 013322240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-14 11:06 - 2018-11-15 04:00 - 025735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-12-14 11:06 - 2018-11-15 03:34 - 020281856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-12-14 11:06 - 2018-11-15 02:51 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-14 11:06 - 2018-11-15 02:50 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-14 11:06 - 2018-11-13 05:35 - 005778944 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-14 11:06 - 2018-11-13 05:00 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-12-14 11:06 - 2018-11-13 04:52 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-12-14 11:06 - 2018-11-13 04:51 - 015284736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-12-14 11:06 - 2018-11-13 04:43 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-12-14 11:06 - 2018-11-13 04:42 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-14 11:06 - 2018-11-13 04:38 - 013681152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-12-14 11:06 - 2018-11-13 04:38 - 004859904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-12-14 11:06 - 2018-11-13 04:37 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-12-14 11:06 - 2018-11-13 04:27 - 001555968 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-12-14 11:06 - 2018-11-13 04:18 - 004386816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-12-14 11:06 - 2018-11-13 04:16 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-12-14 11:06 - 2018-11-13 04:15 - 001330176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-12-14 11:06 - 2018-11-13 04:14 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-12-14 11:06 - 2018-11-10 20:42 - 001368584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-12-14 11:06 - 2018-11-10 20:36 - 007371720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-12-14 11:06 - 2018-11-10 20:25 - 000121288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-12-14 11:06 - 2018-11-10 19:54 - 001308456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-14 11:06 - 2018-11-10 19:53 - 000356088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-14 11:06 - 2018-11-10 17:34 - 001754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-12-14 11:06 - 2018-11-10 17:25 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-12-14 11:06 - 2018-11-10 17:22 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-14 11:06 - 2018-11-10 17:15 - 001491968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-12-14 11:06 - 2018-11-03 19:28 - 002532344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-12-14 11:06 - 2018-11-03 18:41 - 001903456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-12-14 11:06 - 2018-11-03 16:25 - 002348032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-14 11:06 - 2018-11-03 16:11 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-14 11:06 - 2018-10-06 17:43 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-14 11:06 - 2018-10-06 17:13 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-14 11:06 - 2018-10-05 18:06 - 001200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-12-14 11:06 - 2018-10-05 18:06 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-12-14 11:06 - 2018-10-05 17:20 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-12-14 11:06 - 2018-10-05 17:20 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-12-14 11:06 - 2018-10-05 16:18 - 000513376 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-12-14 11:06 - 2018-10-05 16:18 - 000513376 _____ C:\WINDOWS\system32\locale.nls
2018-12-13 11:42 - 2018-12-13 11:42 - 000001980 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-12-13 11:42 - 2018-12-13 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-12-13 11:41 - 2018-12-27 17:03 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-12-09 07:24 - 2019-01-03 22:37 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\CrashDumps
2018-12-06 14:37 - 2018-12-06 14:37 - 006351872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-01-04 22:15 - 2012-12-30 06:25 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1220723716-4126832292-3965305388-1001
2019-01-04 22:10 - 2015-11-28 00:24 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Raptr
2019-01-04 21:55 - 2016-11-18 21:36 - 000000000 ____D C:\Users\Fee-Jonas\AppData\LocalLow\Mozilla
2019-01-04 21:54 - 2015-11-28 00:27 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Roaming\Raptr
2019-01-04 21:54 - 2014-11-14 22:14 - 000000454 _____ C:\WINDOWS\Tasks\微软设备健康助手开机检测.job
2019-01-04 21:54 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-04 21:53 - 2015-11-28 00:44 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-01-04 21:52 - 2017-04-22 06:43 - 000003910 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-01-04 21:51 - 2018-05-05 05:58 - 000239808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-01-04 21:51 - 2018-05-05 05:58 - 000203488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-01-04 21:51 - 2016-03-28 23:42 - 000042488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-01-04 21:51 - 2014-05-04 20:22 - 000046584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2019-01-04 21:51 - 2013-12-23 16:20 - 000218056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000474648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000380144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000166472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000111992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000088144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-01-04 21:50 - 2013-04-11 21:56 - 001034056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-01-04 21:44 - 2014-08-11 20:22 - 000000470 _____ C:\WINDOWS\Tasks\微软设备健康助手自动更新.job
2019-01-04 21:30 - 2015-02-14 07:54 - 000000476 _____ C:\WINDOWS\Tasks\微软设备健康助手设备检查.job
2019-01-04 21:13 - 2018-09-06 17:06 - 000003870 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-01-04 21:13 - 2017-08-13 07:26 - 000002778 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-01-04 21:13 - 2016-10-25 21:21 - 000004238 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2019-01-04 21:13 - 2016-10-25 18:55 - 000003906 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BCFF598A-9863-4AE8-8D7E-FDDA574760FE}
2019-01-04 21:13 - 2016-10-24 22:54 - 000003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{83FB303E-983C-49AF-9DF9-B4C660AC815C}
2019-01-04 21:13 - 2016-06-11 20:12 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Roaming\Factorio
2019-01-04 21:13 - 2015-12-03 17:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-01-04 21:13 - 2015-02-14 07:54 - 000003386 _____ C:\WINDOWS\System32\Tasks\微软设备健康助手设备检查
2019-01-04 21:13 - 2014-11-14 22:14 - 000002790 _____ C:\WINDOWS\System32\Tasks\微软设备健康助手开机检测
2019-01-04 21:13 - 2014-09-14 16:48 - 000003290 _____ C:\WINDOWS\System32\Tasks\ASP
2019-01-04 21:13 - 2014-08-11 20:22 - 000003380 _____ C:\WINDOWS\System32\Tasks\微软设备健康助手自动更新
2019-01-04 21:13 - 2014-01-23 17:21 - 000004136 _____ C:\WINDOWS\System32\Tasks\Software Updater Ui
2019-01-04 21:13 - 2014-01-12 13:04 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1220723716-4126832292-3965305388-1115
2019-01-04 21:13 - 2013-08-28 00:15 - 000004196 _____ C:\WINDOWS\System32\Tasks\Software Updater
2019-01-04 21:13 - 2012-12-29 23:48 - 000004342 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-01-04 20:50 - 2013-12-28 13:55 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-04 14:18 - 2016-10-24 22:26 - 000433648 _____ C:\WINDOWS\system32\prfh0804.dat
2019-01-04 14:18 - 2016-10-24 22:26 - 000132582 _____ C:\WINDOWS\system32\prfc0804.dat
2019-01-04 14:18 - 2014-11-21 04:35 - 002335906 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-04 14:18 - 2014-11-21 03:45 - 000758136 _____ C:\WINDOWS\system32\perfh007.dat
2019-01-04 14:18 - 2014-11-21 03:45 - 000156398 _____ C:\WINDOWS\system32\perfc007.dat
2019-01-04 14:18 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2019-01-03 23:14 - 2013-08-22 14:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2019-01-03 11:15 - 2013-07-22 18:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-12-30 00:07 - 2012-12-30 00:31 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\Ubisoft Game Launcher
2018-12-20 14:38 - 2012-07-26 08:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-20 13:47 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-18 19:58 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache
2018-12-18 18:47 - 2012-12-30 13:10 - 000000000 ____D C:\ProgramData\Origin
2018-12-18 18:47 - 2012-12-30 13:10 - 000000000 ____D C:\Program Files (x86)\Origin
2018-12-17 18:06 - 2012-12-30 06:29 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1220723716-4126832292-3965305388-1002
2018-12-16 18:05 - 2016-10-25 21:10 - 000000000 ____D C:\Users\Admin\AppData\Local\AMD
2018-12-16 18:05 - 2014-05-18 14:25 - 000000000 ____D C:\Users\Admin\AppData\Local\Buhl
2018-12-16 18:00 - 2014-05-18 14:23 - 000000000 ____D C:\Program Files (x86)\WISO
2018-12-16 18:00 - 2012-12-29 23:42 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-12-16 17:55 - 2014-05-18 14:22 - 000000000 ____D C:\ProgramData\Buhl Data Service GmbH
2018-12-16 15:31 - 2015-12-20 21:40 - 000000000 ____D C:\Users\Fee-Jonas\Documents\Paradox Interactive
2018-12-16 15:18 - 2016-11-17 20:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-12-16 15:18 - 2012-12-29 23:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-14 19:10 - 2012-12-29 23:44 - 000001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-12-14 16:34 - 2013-08-22 15:44 - 000527816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-14 16:08 - 2016-02-03 22:14 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Notepad++
2018-12-13 14:32 - 2012-12-29 23:38 - 137260640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-12-13 14:27 - 2012-07-26 06:26 - 000000269 _____ C:\WINDOWS\win.ini
2018-12-13 11:42 - 2015-11-25 19:16 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-12-06 14:37 - 2018-03-16 18:48 - 000004514 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-06 14:37 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-06 14:37 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-13 12:58 - 2014-04-13 12:58 - 000001078 _____ () C:\Users\Admin\AppData\Roaming\base64.cer
2016-10-24 20:48 - 2016-10-24 20:48 - 000000046 _____ () C:\Users\Admin\AppData\Roaming\WB.CFG
2013-06-03 15:18 - 2013-06-03 15:18 - 000001244 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2019-01-03 23:38

==================== Ende von FRST.txt ============================
und die Addition.txt

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01.01.2019
durchgeführt von Admin (04-01-2019 22:21:22)
Gestartet von C:\Users\Admin\Desktop
Windows 8.1 Pro (Update) (X64) (2016-10-24 21:38:50)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Admin (S-1-5-21-1220723716-4126832292-3965305388-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1220723716-4126832292-3965305388-500 - Administrator - Disabled)
Dirk (S-1-5-21-1220723716-4126832292-3965305388-1115 - Limited - Enabled) => C:\Users\Dirk
Fee-Jonas (S-1-5-21-1220723716-4126832292-3965305388-1002 - Limited - Enabled) => C:\Users\Fee-Jonas
Gast (S-1-5-21-1220723716-4126832292-3965305388-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ACP Application (HKLM\...\{7887FB96-80EA-BDAE-A5E4-A9C8C3ED7093}) (Version: 2016.1017.2209.52 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Amazon Amazon Music) (Version: 6.0.1.1166 - Amazon Services LLC)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Angry Birds (HKLM-x32\...\{A353543A-B1EB-48E1-A719-A88A68BFA555}) (Version: 4.0.0 - Rovio Entertainment Ltd.)
Angry Birds (HKLM-x32\...\{DE96EDE7-7D0A-49D7-9C11-121BA91F84E0}) (Version: 3.3.0 - Rovio Entertainment Ltd.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{30BEC4F9-FB2F-3C5D-FBB4-B47DB23271C9}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{9B9E3989-EB86-7D86-39C8-64795A9F30D9}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{E8316EE7-97E5-80F1-B8BE-DDCC225244AC}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{8D9B427F-697E-D95F-059A-1E3E669998A1}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9DE7A3B1-4B80-8F11-1A0B-F92CC2B06781}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{84035ED3-8E29-59E2-F648-8F07212078C8}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{2A3AE3B3-4E31-A203-8D27-655D950805C1}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{FC32D676-C95A-01BE-037E-98E0259094CC}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{362F7ED0-CC19-BDDE-F804-A718C49797E0}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{88F8B3EF-6947-A693-BEA6-D6A51466371F}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{A0FD84CD-6E95-7D76-2D96-7233B58D0ABD}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{C5A8698A-F510-5BF3-538C-6721D373D274}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{FCC2674A-94F1-A4ED-2CE1-FC2401E559CC}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{F65E03FF-F1ED-D59A-507A-F3D3F1AEED43}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{BB4D999E-5199-D422-0B07-015E97E0E0A0}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{98E1DA10-0656-3266-C88E-1E2F49E9FE19}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F8082754-11C3-F178-08BD-0F91E89C14C6}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E3884E2A-224E-8238-EC3F-8F2850D5A1FF}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BE4FCA73-4411-6FA9-DFA9-B29A8F1E4B36}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{8A63B449-330C-CE77-3D2C-1BC6FA9CD511}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{EC463366-E74D-2630-72D9-74228C2190D9}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{4B3AF51F-830F-409F-AE05-FB67040C90B6}) (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
Die Sims™ 3 Diesel Accessoires (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Katy Perry Süße Welt (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.44.83.1020 - Electronic Arts Inc.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Greenshot 1.1.5.2643 (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Greenshot_is1) (Version: 1.1.5.2643 - Greenshot)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
JabRef 2.9.2 (HKLM-x32\...\JabRef 2.9.2) (Version: 2.9.2 - JabRef Team)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
KODAK Create@Home Software (für dm) (HKLM-x32\...\{398AC289-E8BE-4FC2-99B5-AC6DB0640FC7}) (Version: 9.1.0392 - Kodak Alaris Inc.)
Leisure Suit Larry Reloaded (HKLM-x32\...\{E58E79EB-96BC-4BC2-A0E7-9CC28ECF4E1A}) (Version: 1.0.0.0 - Replay Games Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.895.1 - McAfee, Inc.)
Microsoft Lync 2010 (HKLM\...\{58A013B1-1613-4978-881A-FCA43710C84A}) (Version: 4.0.7577.4540 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 64.0 (x64 de) (HKLM\...\Mozilla Firefox 64.0 (x64 de)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
Origin (HKLM-x32\...\Origin) (Version: 10.5.32.18460 - Electronic Arts, Inc.)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
R for Windows 3.0.0 (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\R for Windows 3.0.0_is1) (Version: 3.0.0 - R Core Team)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\{4C5D15D2-5351-4F05-A96E-56C20554F977}) (Version: 1.00.000 - )
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 12-1225-1206 - Peter L Jones)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Secure Download Manager (HKLM-x32\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Version 8.31 (HKLM-x32\...\Skype_is1) (Version: 8.31 - Skype Technologies S.A.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeXnicCenter Version 2.0 Beta 1 (HKLM\...\TeXnicCenter_is1) (Version: 2.0 Beta 1 - The TeXnicCenter Team)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0) (Version: 1.0.21.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-10) (Version: 1.0.26.0 - LunarG, Inc.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{08459FDC-0106-4B93-AD0F-4111DA9C4FD3}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2017 (HKLM-x32\...\{8B75DEB9-A7A3-4E7E-A80B-C982B8894E7F}) (Version: 24.05.1582 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2018 (HKLM-x32\...\{061BEF8E-5B59-45C6-A598-EDB81FC38AFB}) (Version: 25.03.1550 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2019 (HKLM-x32\...\{42E59B2F-EA74-4898-AACF-A62F7C90EEE2}) (Version: 26.00.1560 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{8FDA5FAB-BF29-4744-B9BD-9C3F9A26F0B6}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{8A6497B9-EF0C-48F9-9D82-7EE4511FA6B4}) (Version: 22.08.9051 - Buhl Data Service GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
小米助手 (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\MiPhoneManager) (Version:  - 小米移动软件有限公司)
微软设备健康助手 (HKLM-x32\...\{2EAC4B0F-6E44-4FF6-AA5E-5D100F2BAA59}) (Version: 1.5.3.1 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-05] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-05] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-10-17] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-05] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-05] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {29BAEA52-F7C7-4A2E-94F9-4457AD0E5201} - System32\Tasks\微软设备健康助手设备检查 => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exe [2015-01-30] (Microsoft Corporation)
Task: {348188BD-B2FF-486F-847C-D14B5DEBAE16} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-06] (Piriform Ltd)
Task: {4CEBAF22-9EBD-4BD3-8E7C-B4991475DA89} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {5A26CFFB-388F-4F96-9B9E-DD8AF02DDA56} - System32\Tasks\微软设备健康助手开机检测 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {68D72534-72E8-46D6-989F-F78C44CED384} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG
Task: {7A986F2A-4B42-4A7E-9C90-0BD6BB8F3651} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-04] (AVAST Software)
Task: {853AEED7-EBAD-4FDC-824E-953303A9D6A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {AC885A5D-128A-4B56-88C9-01560593E036} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-06] (Piriform Ltd)
Task: {ACF07987-306C-4031-BFBC-04337D1AD8E8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {BD7EB177-0D70-45AA-92F7-167D126E29C4} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-12-18] () <==== ACHTUNG
Task: {BD8F20F8-0DCA-46DD-A2E0-D7ABC9DEED39} - System32\Tasks\微软设备健康助手自动更新 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {D44489A7-7A11-4E92-B824-5AE24E839A69} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-19] () <==== ACHTUNG
Task: {D7616AB8-6967-47CE-BECD-AC3618293336} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-10-17] (Advanced Micro Devices, Inc.)
Task: {D9E770AE-466E-4AA7-BD27-8A2F4078C917} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe
Task: {E4493513-980A-4B9C-A25A-9A0AF78A26E3} - System32\Tasks\SafeZone scheduled Autoupdate 1459280326 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {F799ABC8-7C43-427E-8AE1-FB4AECFDDC42} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-11-18] (AVAST Software)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\微软设备健康助手开机检测.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe/EnableDHWORKGROUP\DJ$H此任务用于微软设备健康助手的状态检测和自我修复。了解更多请查阅hxxp:/support.microsoft.com
Task: C:\WINDOWS\Tasks\微软设备健康助手自动更新.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exeWORKGROUP\DJ$Z此服务属于微软设备健康助手用于获取最新的版本有助于提高设备健康度及保障支付安全。了解更多请查阅hxxp:/support.microsoft.com
Task: C:\WINDOWS\Tasks\微软设备健康助手设备检查.job => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exeWORKGROUP\DJ$C此任务用于微软设备健康助手的设备检查。了解更多请查阅hxxp:/support.microsoft.com

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-09-14 02:20 - 2016-09-14 02:20 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-04 21:51 - 2019-01-04 21:51 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-01-04 21:51 - 2019-01-04 21:51 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 005812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2017-05-04 20:01 - 2017-05-04 20:01 - 000067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 001662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2015-05-08 02:38 - 2015-05-08 02:38 - 000110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 000417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2015-05-08 02:39 - 2015-05-08 02:39 - 000167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-11-13 22:59 - 2015-11-13 22:59 - 000113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-11-13 22:59 - 2015-11-13 22:59 - 002396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2015-05-08 02:38 - 2015-05-08 02:38 - 000354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
2015-05-08 02:38 - 2015-05-08 02:38 - 000263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2017-05-04 18:33 - 2017-05-04 18:33 - 002717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 001213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2015-05-08 02:55 - 2015-05-08 02:55 - 000055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData:BDSDRMHK [64]
AlternateDataStreams: C:\Users\All Users:BDSDRMHK [64]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:BDSDRMHK [64]
AlternateDataStreams: C:\ProgramData\Application Data:BDSDRMHK [64]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 06:26 - 2019-01-04 10:49 - 000000909 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1        mssplus.mcafee.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img9.jpg
HKU\S-1-5-21-1220723716-4126832292-3965305388-1115\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img2.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.

HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Communicator"
HKLM\...\StartupApproved\Run32: => "PowerDVD13Agent"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "MiPhoneManager"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "Skype for Desktop"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{35C567F3-7CF1-40E9-89A3-31DB2F0F22D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{9B1CDE4D-46BB-40BD-ACCA-1FCC1DA7C2E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{4B85539D-04FF-4373-8389-93A64883293D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{08A0A7E9-A27F-4F88-9DE1-DA2A2948CF9D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{C2928E61-ADCE-4603-BEA9-986A8C202ED1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{A3CC7995-FBBB-4162-8F12-F10A0FA8B125}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{46376749-B120-44FC-913A-EA065B71DD23}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{849B267E-F9A0-47B1-87B7-21817D77BA4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{5BE81491-6998-4C34-9E64-EF92A27F2ADF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe)
FirewallRules: [{6FDF3ACA-8CF0-41E7-9DB0-4D0D7A397044}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe)
FirewallRules: [{A6BCAB39-747D-4D57-B164-8D599C351E6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe (Paradox Interactive)
FirewallRules: [{4F3ED3C0-90D8-4AC7-B724-675218A3923D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe (Paradox Interactive)
FirewallRules: [{CA34D051-FD94-49C8-A2F4-DE0BA452C4EF}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{8CD08CC4-BBA5-4A01-B924-65203713203D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{7BCA1CD4-A960-408A-A410-9AC94575425F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [{D0EF42A2-2798-4C49-B1BE-144C457E88D6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [UDP Query User{8EE7D225-6D80-4194-89DF-A150FFD5999E}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [TCP Query User{6F8569D3-D981-4D79-8C6A-095D5087F3AE}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [{B80B4D8F-E2F9-4DA4-8AAA-6EBFA82632F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [{A9A4CEDD-0AC2-447B-988D-4B69A57B0875}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [{D5F5886E-1899-437F-8B87-DC8F9D3B8A66}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios)
FirewallRules: [{E765B512-B8D4-4104-A0CD-F848EB1F6DA4}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios)
FirewallRules: [{A7D7F089-AB99-4C55-AEA5-CBA6C2D2BC99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V SDK\Sid Meier's Civilization V SDK.exe (Firaxis Games)
FirewallRules: [{A0F4EDE8-C2A9-4FE9-9291-A988196EA9CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V SDK\Sid Meier's Civilization V SDK.exe (Firaxis Games)
FirewallRules: [{5180F337-DD43-4415-871B-8C980D3AEF16}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{A0F27069-F03B-4121-A36A-D74A7E0678EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{2ABF4180-E2A2-40A2-B47D-B1054A159443}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{C0313060-1A1C-4784-BF6B-80A220C87559}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{98568E65-842B-4371-BE3E-DFEA03E61D8C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 2\rct2.exe ()
FirewallRules: [{69F3A20E-317C-4DB0-B9FB-B988F9374BA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 2\rct2.exe ()
FirewallRules: [UDP Query User{59C4E3E5-70FC-4AEE-99B6-C815A020DB5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{69B1CE15-78E9-4353-8539-86F7BC0C889B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{BF91454A-EDE4-42FB-A813-1AA3F41B586F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{2EC79FDE-76CE-4DE0-AEB6-D2758D7E951D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{6AC96074-B814-45A7-8905-8A995EC46A28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\M2Editor.exe (Paradox Interactive)
FirewallRules: [{E27A6668-454C-429D-916C-E0CFBAFDA894}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\M2Editor.exe (Paradox Interactive)
FirewallRules: [{B4DBA89C-B59C-423C-B142-8AC74987D6B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\majesty2.exe (Paradox Interactive)
FirewallRules: [{C5892ABF-05F1-4857-8FC6-424ED98D75D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\majesty2.exe (Paradox Interactive)
FirewallRules: [{8A48104C-352A-4FC2-932E-6595BD3EAEE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games)
FirewallRules: [{49B1A5F7-94FE-434A-B558-65C879448A03}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games)
FirewallRules: [{794C7B5F-CA7E-439A-A8AB-297DE4708F81}] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{36A68294-606C-46AA-AB53-89EDFBDA3963}] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{1ED55816-E41F-43C2-A22E-A5DB1401E3C4}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [{A8E8F4B9-DE35-47B8-BF7A-117C10B2A801}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [UDP Query User{5F33D9D7-60F2-4E22-BA1C-59C61822D158}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [TCP Query User{9DD4BE5B-DDFE-4751-9C8D-4600C40EB6B7}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [UDP Query User{EC323057-C2D8-4165-A426-859EBE0B2BD2}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [TCP Query User{9C6801B4-699A-4C80-9B46-1F1A4C557CCA}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{517AB619-62F3-434E-A709-902C2C445003}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe ()
FirewallRules: [{7C40BB27-9C05-4F72-81EF-630C8B223C0A}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe ()
FirewallRules: [UDP Query User{F6B506EB-3A67-4737-BA6F-15CD1F43D00F}C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (深圳市迅雷网络技术有限公司)
FirewallRules: [TCP Query User{62067B4F-63AC-4156-A3D8-0225F927DB27}C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (深圳市迅雷网络技术有限公司)
FirewallRules: [UDP Query User{2ADE8DB1-A6F0-4374-A72D-AF49ED685818}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe (Firaxis Games)
FirewallRules: [TCP Query User{97AE8AB3-0709-41C0-8AD1-3A7B11AEE071}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe (Firaxis Games)
FirewallRules: [{12011AD8-3027-435F-B83E-42523A317F08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Sword 5\BS5.exe ()
FirewallRules: [{86B3EE9D-0FCA-448C-AFDC-B3A4E33C7EAB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Sword 5\BS5.exe ()
FirewallRules: [{D04ECCE2-6300-4D86-9275-1791D9A16909}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{FA4B3C7E-175D-406D-9583-63958ED4058A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{2B07A67C-93A1-4DA9-8742-FF7C90630F69}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{8F60659D-F648-40C0-A6C5-3CC6AF18E177}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{E8903BD4-DFC3-4C44-858A-5865B03C32C8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment)
FirewallRules: [{3505F9AC-29FF-4E02-837C-39F54416209A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment)
FirewallRules: [{0158AC7C-B0D4-4980-94BC-C99D3702A9B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe (Blizzard Entertainment)
FirewallRules: [{5B7FC0E3-EF69-4777-A798-B3D0B8145BC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe (Blizzard Entertainment)
FirewallRules: [{8B957F90-B01B-4CC1-B5F1-00B970A6CFA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe ()
FirewallRules: [{1F872B3F-64D8-4603-89FB-6DE719E229D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe ()
FirewallRules: [{95F6C533-BDD7-421A-8EE1-D0EF09320BB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe (© 2001-2004 Atari Inc.)
FirewallRules: [{D8391D95-77BC-4DE2-9AFE-DAED847D81D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe (© 2001-2004 Atari Inc.)
FirewallRules: [{E6E5D0E1-D522-4C4D-8D3F-572BA8A1EA23}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{7BA32A37-35FE-4F92-AC54-DAF315441905}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{77F6D77A-57E6-40F6-B43D-396572877D5F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Patrician III\Patrician3.exe ()
FirewallRules: [{8598849B-5692-44B1-A535-78F06DDC5860}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Patrician III\Patrician3.exe ()
FirewallRules: [{A51980E4-8EB7-48B8-8208-DFAC17790DCD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{A4903764-3E0B-4A45-9C36-11AC0DE3B404}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{F92D22E8-AE53-4965-BC69-5570AC7C2FAA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{6AAF5026-9A11-4C48-8370-F8A708A44D3E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{B27EB7EF-70C9-4B86-8276-35C629484CA5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{EE6DC100-0555-4055-A6EC-A0752D917554}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{5090822F-3D48-4AC5-9A5D-BC5B831936D8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{5E730218-813F-4B82-8E0E-900A04DD231E}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe ()
FirewallRules: [{6FB6B92F-C350-4951-A646-104C0C9806EF}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe ()
FirewallRules: [{0497AD3F-437A-46D0-8F64-48F16D32BBF6}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe (Related Designs Software)
FirewallRules: [{E9AB5ACC-F372-4DB8-BC37-C9FBE8FE29E3}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe (Related Designs Software)
FirewallRules: [{D80FB71C-8FE3-44EF-9CBA-B2CF84A4CAA2}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe (Related Designs)
FirewallRules: [{0B311919-FB5F-418A-A7DA-90EB39A09F3E}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe (Related Designs)
FirewallRules: [{0440C23E-D2C1-4385-B451-C04B6DDC151E}] => (Allow) C:\Program Files (x86)\Origin Games\Leisure Suit Larry Reloaded\LarryReloaded.exe ()
FirewallRules: [{9807388E-9413-418A-8A48-49EB01F77C2C}] => (Allow) C:\Program Files (x86)\Origin Games\Leisure Suit Larry Reloaded\LarryReloaded.exe ()
FirewallRules: [{9EB501F7-35E2-41DE-9D76-EDB765F71D72}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe (Microsoft Corporation)
FirewallRules: [{1197133B-F0B3-43D7-A0AF-629699D2E30C}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{B20E9C77-03EC-4606-82FE-557F147B2B68}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
FirewallRules: [{C1EADE61-F16F-4408-985E-1BEF2E829F3F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe Keine Datei
FirewallRules: [{0EC2D455-E54A-4BCF-B47F-B38EE2DF3AA0}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe Keine Datei
FirewallRules: [{964592D3-7FD3-407B-BA6A-6417032DC3F1}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
FirewallRules: [{D1F23160-5444-4D0C-A107-142709C0BF5A}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
FirewallRules: [{3D8B7995-AC56-4231-B0BE-5E471B8CD67D}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe ()
FirewallRules: [{88A5029B-7699-4C8A-B5A6-1B325BF94EA1}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe ()
FirewallRules: [{CF5B8186-E0F9-48D8-92AE-022EBC68D5E6}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe (Blizzard Entertainment)
FirewallRules: [{49D218F6-2711-4B0F-BC6A-FE39852EE275}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe (Blizzard Entertainment)
FirewallRules: [{C6A2CE4C-4209-4BD0-9CF2-7FD805EA79B0}] => (Allow) C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe (Blue Byte GmbH)
FirewallRules: [{475BA0BD-7941-48AF-9268-78013566E689}] => (Allow) C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe (Blue Byte GmbH)
FirewallRules: [{450F3EB1-77B8-4087-8ADF-468FA4568D35}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft)
FirewallRules: [{A66BDF75-89AA-4C2C-ADEE-175A5319D3DA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft)
FirewallRules: [TCP Query User{A62A1FB7-6398-4CF6-B776-80EF377ED3CB}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [UDP Query User{4B0D32E9-D3CA-49A8-BB6C-6DCC50A61A07}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [{3E83A775-1350-4BB1-98C3-FEA43746BEEC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{07790045-0A6F-4450-B2BD-297C9E3807C3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{5F869C59-C40F-4BDA-A0D4-93B250BF4BA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe ()
FirewallRules: [{67EBC907-1667-4BDD-8847-C092E27276D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe ()
FirewallRules: [{D8940C63-C63D-4053-BD0C-B2F496484620}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\Stronghold2.exe (Firefly Studios)
FirewallRules: [{9A44F270-2F93-47F4-B134-630F6FCAE0F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\Stronghold2.exe (Firefly Studios)
FirewallRules: [{79904BBE-E3DC-427B-8EF6-87DE6DDED3EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [{971D8AA2-1646-4F03-9E5A-A4CA31D1B230}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [{5CEAAD65-E997-42CD-80EB-9F99CFA18863}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe ()
FirewallRules: [{7D0B70A0-4B8F-450C-B262-5D435DC3ED77}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe ()
FirewallRules: [{1BD335CB-ADCA-4D32-B508-952C8DFFDFCF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games)
FirewallRules: [{7E9AC2C7-830A-4EFC-83EE-331ADFC2A662}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games)
FirewallRules: [{576801E8-57B8-458E-8C3F-BA205ECE33B8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe (Avast Software)
FirewallRules: [{89E26E6C-8F42-4BAB-962F-5CA2D24B4DFC}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [{F6A6A599-8DC2-4FBA-91C1-BFCD7AB7908E}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [TCP Query User{B2D35378-B363-40C7-8F76-8404D0BEC10A}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [UDP Query User{02B22BAA-7FD4-41B0-B573-65DF8AF6AC31}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{CE356DD3-D434-4881-89D4-A0415812E92A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{F890B59A-B5DB-46FE-A778-DE094CB5219B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{5C03D892-6E13-4D58-88EE-528FEFDD4DF3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{787A07C5-957C-4DA5-9382-1C5BFF442268}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{233FEF99-71E6-48C4-A57E-1B04FD007005}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red)
FirewallRules: [{5B5EEE6C-7D60-46EB-A19F-07BE6E711DA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red)
FirewallRules: [{627FE93D-D85B-4C17-A8ED-9F587F3475A6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe (Avast Software)
FirewallRules: [TCP Query User{3FE76B17-EB49-40B9-9B95-7F2B9DC5FD2E}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe (Microsoft Corporation)
FirewallRules: [UDP Query User{183A6812-BB55-4F78-B970-55E2F6129711}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe (Microsoft Corporation)
FirewallRules: [{E9E564C7-C8D5-401D-B2E1-36B793E541E1}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe (Electronic Arts)
FirewallRules: [{BD4E96EF-7BC4-441B-B688-A43BF88300F9}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe (Electronic Arts)
FirewallRules: [{062E6668-167E-4D09-92E2-F774E7E6D4CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\FFLauncher.exe ()
FirewallRules: [{19646928-DAF0-4C64-AE05-39D2F310001F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\FFLauncher.exe ()
FirewallRules: [{8AF8A76F-BB04-450A-9465-469C710AC4A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [{C3C1F866-4FDF-4B32-82CC-D6CE69FFB248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [TCP Query User{30584249-A8FA-4226-AC69-2A4201FCEFC2}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [UDP Query User{E9ABB7B3-6642-45EB-B7CE-21FB2B16BB37}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{D0ADA9D1-C122-47B6-B722-04184A6F7693}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe ()
FirewallRules: [{93F522B6-50AB-4D3B-8E0C-4E03C4B666C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe ()
FirewallRules: [{73456120-CDD1-42EE-9BB0-BF6709711378}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Industry Giant 2\ig2_AddOn.exe (United Independent Entertainment GmbH)
FirewallRules: [{03F75FA7-2091-4580-97C8-80C7BFB27DB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Industry Giant 2\ig2_AddOn.exe (United Independent Entertainment GmbH)
FirewallRules: [{10E28A7E-6051-4614-95AA-1A5EAD2C163B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft)
FirewallRules: [{E0EA1A40-EF6A-461C-90DD-B368A4D8D4A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft)
FirewallRules: [TCP Query User{B29151AA-2AEA-41BD-AAB4-966FCD3D83D9}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe (Firaxis Games)
FirewallRules: [UDP Query User{F2731B3F-E518-4C9F-8538-5A31E862C352}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe (Firaxis Games)
FirewallRules: [{76320721-FC08-431C-AF44-2D5C9323F61A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{E120D092-D08A-4DAE-9ADA-46BC0384CA75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{6816B626-A16A-4562-B930-8EFD43484AF5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [{E08FE17A-1A37-4F6F-B59E-A9BCEA24A41C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [{B8CC5228-73D5-4F19-9249-E95F336DAB1E}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{19B5E915-9B64-4C59-ACE5-7731A9E33E49}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{C4EE90AA-431D-4ABE-ADF6-BA6C89D723D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{B88C9348-0BF0-4B9C-874C-347987BEA66A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{3EEF874E-2AA2-4B37-A6A8-5AAE1F2251A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [{AECEE5ED-8F87-434F-8356-C2ACFA6F0B51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [TCP Query User{44994FA2-6831-4594-AA9E-031D4A03BB8A}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe] => (Allow) C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe (Blue Byte GmbH)
FirewallRules: [UDP Query User{9293AADF-43E1-4D71-9FB0-88247235307D}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe] => (Allow) C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe (Blue Byte GmbH)
FirewallRules: [{A215A324-37FF-4595-996D-1348A8FEC10E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{E32948F0-4FAD-4704-B9AA-C7BA6B1142E3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{3B764539-BF20-4835-A39E-598AF9CEF614}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive)
FirewallRules: [{A853CB92-E45C-46B8-A6D6-EB21004E08EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive)
FirewallRules: [{58C31393-E9DF-43D0-83FA-2DC53CB24324}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{14F66FEA-611F-49B1-957B-3F7353E1C26D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{F0E7DB56-AD76-4858-9069-06D0FF5B387E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe ()
FirewallRules: [{2EF7B2EA-1A8D-49D6-9EC0-C5F5C2E8BE2D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe ()
FirewallRules: [{F3657BD6-5E02-4A9B-AAFB-8BC8A5485B06}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe ()
FirewallRules: [{70F4E1CE-8B97-47D0-BA3F-181AB0098393}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe ()
FirewallRules: [{DE4AB790-4C40-4417-98AE-F8FA9164A0C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe (Paradox Interactive)
FirewallRules: [{3D136507-38B0-4AAA-9675-8B60E3A49C03}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe (Paradox Interactive)
FirewallRules: [{DFCF60D1-B8D5-4B8E-B0AE-20A68292D725}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{74869600-35E5-4379-A1D6-3CD72BB9C925}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)

==================== Wiederherstellungspunkte =========================

13-12-2018 14:26:13 Windows Update
16-12-2018 17:59:56 Installiert WISO steuer:Sparbuch 2019
20-12-2018 14:36:14 Windows Update
03-01-2019 23:38:34 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/03/2019 11:40:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 4.83.53.91 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 980

Startzeit: 01d4a3b2ea85c727

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 91353099-0fa8-11e9-8132-bc5ff47694e7

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/03/2019 11:38:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/03/2019 11:14:09 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:14:09Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:13:39 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:13:39Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:13:09 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:13:09Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:12:39 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:12:39Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:12:09 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:12:09Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:11:39 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:11:39Z. Fehlercode: 0x80040154.


Systemfehler:
=============
Error: (01/04/2019 10:21:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: microsoft.windowscommunicationsapps

Error: (01/04/2019 10:21:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Microsoft.Reader

Error: (01/04/2019 10:18:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2019 09:54:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (01/04/2019 09:54:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (01/04/2019 09:54:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (01/04/2019 09:53:05 PM) (Source: DCOM) (EventID: 10010) (User: DJ)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/04/2019 09:24:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.


Windows Defender:
===================================
Date: 2013-03-08 12:48:06.137
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {CE77E50C-6F4F-4C63-B1C2-181706E9A2C7}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2013-02-02 17:16:31.827
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {6D0A8998-6BEF-48F9-A25D-8B839C367F24}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2013-01-05 00:12:33.150
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {02CC17D8-2F71-49EB-8574-410B230987B5}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2016-10-07 16:44:03.697
Description:
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Sicherung
Fehlercode: 0x80073aba
Fehlerbeschreibung: Die Ressource ist zu alt und daher nicht mehr kompatibel.
Signaturversion: 1.147.1246.0;1.147.1246.0
Modulversion: 1.1.9302.0

Date: 2016-10-07 16:44:01.825
Description:
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Aktuell
Fehlercode: 0x80073aba
Fehlerbeschreibung: Die Ressource ist zu alt und daher nicht mehr kompatibel.
Signaturversion: 1.147.1631.0;1.147.1631.0
Modulversion: 1.1.9302.0

Date: 2013-04-11 21:40:15.013
Description:
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.1246.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Date: 2013-04-11 21:40:15.013
Description:
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.1246.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Date: 2013-04-11 21:40:15.013
Description:
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.1246.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

==================== Speicherinformationen ===========================

Prozessor: AMD A10-5800K APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 8146.26 MB
Verfügbarer physikalischer RAM: 5900.02 MB
Summe virtueller Speicher: 10002.26 MB
Verfügbarer virtueller Speicher: 7739.33 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:1667.7 GB) (Free:913.51 GB) NTFS
Drive d: (Daten) (Fixed) (Total:97.31 GB) (Free:92.6 GB) NTFS

\\?\Volume{95d81160-523f-11e2-be65-806e6f6e6963}\ (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B3AEF03F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=06)
Partition 4: (Not Active) - (Size=1667.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
Danke Euch, Dirk

M-K-D-B 04.01.2019 23:00
:hallo:



Mein Name ist Matthias und ich werde dir bei der Analyse und der eventuell notwendigen Bereinigung deines Computers helfen.


Bitte vergewissere dich zuerst, dass du die folgenden Regeln und Hinweise für eine Analyse inklusive Bereinigung gelesen und verstanden hast:
Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?





Zitat:
beim Versuch das Spiel Factorio im Multiplayer zu spielen scheint es zu Komplikationen mit der LavasoftTcpService64.dll zu kommen. Keine Ahnung wo die herkommt ;-)
Dabei handelt es sich um PUP (Potentionally Unwanted Program), das ist aber eher dein geringeres Problem. Du bist mit Adware infiziert... und das schon seit Jahren... :D ;)

Da sieht man mal wieder, dass Avast im Bereich PUP und Adware einfach mangelhaft ist... :headbang:








Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop (Bebilderte Anleitung).
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Einstellungen, scrolle nach unten und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • Tracing Schlüssel löschen
    • Prefetch-Dateien löschen
    • Proxy wiederherstellen
    • IE-Policies wiederherstellen
    • Chrome-Policies wiederherstellen
    • Winsock wiederherstellen
  • Klicke nun auf Dashboard, dann auf Jetzt scannen und warte bis der Suchlauf abgeschlossen ist.
  • Klicke nun auf Bereinigen & Reparieren und bestätige mit Bereinigen & Neu Starten.
  • WICHTIG:
    Sollte AdwCleaner nichts finden, klicke auf Grundlegende Reparatur ausführen und anschließend auf Bereinigen & Neu Starten.
  • Nach dem Neustart öffnet sich AdwCleaner automatisch. Klicke auf Log-Datei ansehen.
  • Poste mir deren Inhalt der Log-Datei mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt. (xx = fortlaufende Nummer).







Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware.
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM nach dem Neustart, klicke auf Berichte.
  • Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
  • Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3
  • Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die zwei neuen Logdateien von FRST.

dirk_92 04.01.2019 23:50
Erledigt :-)
 
Hallo Matthias,
danke Dir ganz herzlich für die schnelle Hilfe.

Hier sind die Logs der letzten Schritte:
adw cleaner:
Code:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-04-2019
# Duration: 00:00:09
# OS:      Windows 8.1 Pro
# Cleaned:  96
# Failed:  0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted      C:\Users\Admin\AppData\Roaming\UpdaterEX
Deleted      C:\Program Files (x86)\AskPartnerNetwork
Deleted      C:\Users\Admin\AppData\Local\Astromenda
Deleted      C:\Program Files (x86)\ClearThink
Deleted      C:\Users\Fee-Jonas\AppData\Local\DownloadGuide
Deleted      C:\ProgramData\FreeDriverScout
Deleted      C:\Users\Fee-Jonas\AppData\Roaming\MPC
Deleted      C:\Users\Admin\AppData\LocalLow\SimplyTech
Deleted      C:\Users\Fee-Jonas\AppData\LocalLow\SimplyTech
Deleted      C:\Users\Admin\AppData\Roaming\WSE_Astromenda
Deleted      C:\Users\Admin\AppData\Roaming\OpenCandy
Deleted      C:\Program Files\SoftwareUpdater
Deleted      C:\Program Files (x86)\SoftwareUpdater
Deleted      C:\Windows\System32\config\systemprofile\AppData\Local\SoftwareUpdater
Deleted      C:\Users\Admin\AppData\Roaming\Systweak
Deleted      C:\ProgramData\apn

***** [ Files ] *****

Deleted      C:\Windows\System32\drivers\{C5E48979-BD7F-4CF7-9B73-2482A67A4F37}W64.SYS
Deleted      C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\searchplugins\bing-lavasoft.xml
Deleted      C:\Windows\System32\LavasoftTcpService64.dll
Deleted      C:\Windows\launcher.exe
Deleted      C:\Windows\System32\roboot64.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted      C:\Windows\System32\Tasks\FreeDriverScout
Deleted      C:\Windows\System32\Tasks\Software Updater Ui
Deleted      C:\Windows\System32\Tasks\ASP
Deleted      C:\Windows\System32\Tasks\Software Updater

***** [ Registry ] *****

Deleted      HKCU\Software\UpdaterEX
Deleted      HKLM\Software\Wow6432Node\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted      HKLM\Software\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted      HKLM\Software\Wow6432Node\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted      HKLM\Software\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted      HKLM\Software\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted      HKLM\Software\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted      HKLM\Software\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted      HKLM\Software\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted      HKU\S-1-5-18\Software\AskPartnerNetwork
Deleted      HKU\.DEFAULT\Software\AskPartnerNetwork
Deleted      HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\ClearThink
Deleted      HKLM\Software\Wow6432Node\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted      HKCU\Software\Reg\Clean
Deleted      HKLM\Software\Wow6432Node\Reg\Clean
Deleted      HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted      HKCU\Software\InstallCore
Deleted      HKLM\Software\Wow6432Node\InstallCore
Deleted      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ApnTBMon
Deleted      HKCU\Software\StartSearch
Deleted      HKCU\Software\BRS
Deleted      HKCU\Software\foxydeal
Deleted      HKCU\Software\WSE_Astromenda
Deleted      HKLM\Software\Wow6432Node\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted      HKLM\Software\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Deleted      HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A25E7121-3DD8-41B3-855B-756C5BC45449}
Deleted      HKLM\Software\Wow6432Node\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Deleted      HKLM\Software\Wow6432Node\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Deleted      HKLM\Software\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Deleted      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9E770AE-466E-4AA7-BD27-8A2F4078C917}
Deleted      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9E770AE-466E-4AA7-BD27-8A2F4078C917}
Deleted      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeDriverScout
Deleted      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD7EB177-0D70-45AA-92F7-167D126E29C4}
Deleted      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Ui
Deleted      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CEBAF22-9EBD-4BD3-8E7C-B4991475DA89}
Deleted      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP
Deleted      HKLM\System\CurrentControlSet\Services\EventLog\Application\SystemStoreService
Deleted      HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Deleted      HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Deleted      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Deleted      HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Deleted      HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Deleted      HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Deleted      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted      HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\SearchURI|(Default)
Deleted      HKCU\Software\Microsoft\Internet Explorer\SearchURI|(Default)
Deleted      HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\SearchUrl|(Default)
Deleted      HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Search|Search Page
Deleted      HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Search|Search Bar
Deleted      HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Search|Default_Search_URL
Deleted      HKCU\Software\Microsoft\Internet Explorer\Search|Search Page
Deleted      HKCU\Software\Microsoft\Internet Explorer\Search|Search Bar
Deleted      HKCU\Software\Microsoft\Internet Explorer\Search|Default_Search_URL
Deleted      HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Main|Search Bar
Deleted      HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted      HKLM\Software\Classes\Software\Microsoft\Internet Explorer\SearchURI|(Default)
Deleted      HKLM\Software\Classes\Software\Microsoft\Internet Explorer\SearchUrl|(Default)
Deleted      HKLM\Software\Classes\Software\Microsoft\Internet Explorer\Search|Search Page
Deleted      HKLM\Software\Classes\Software\Microsoft\Internet Explorer\Search|Search Bar
Deleted      HKLM\Software\Classes\Software\Microsoft\Internet Explorer\Search|Default_Search_URL
Deleted      HKLM\Software\Classes\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted      HKLM\Software\Classes\Software\Microsoft\Internet Explorer\Main|Search Bar
Deleted      HKLM\Software\Classes\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D44489A7-7A11-4E92-B824-5AE24E839A69}
Deleted      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater
Deleted      HKCU\Software\systweak
Deleted      HKLM\Software\Wow6432Node\systweak
Deleted      HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted      HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [11127 octets] - [04/01/2019 23:08:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Anti-Malware:
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 04.01.19
Scan-Zeit: 23:17
Protokolldatei: 9424516e-106e-11e9-933f-bc5ff47694e7.json

-Softwaredaten-
Version: 3.6.1.2711
Komponentenversion: 1.0.508
Version des Aktualisierungspakets: 1.0.8631
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: DJ\Fee-Jonas

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 326041
Erkannte Bedrohungen: 36
In die Quarantäne verschobene Bedrohungen: 36
Abgelaufene Zeit: 9 Min., 12 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.Sanbreel, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64, In Quarantäne, [5107], [242524],1.0.8631
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update ClearThink, In Quarantäne, [33], [253966],1.0.8631
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util ClearThink, In Quarantäne, [33], [253966],1.0.8631

Registrierungswert: 1
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|APPPATH, In Quarantäne, [274], [235613],1.0.8631

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 2
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E1J5K7A3.DEFAULT\ASTRMNDANT, In Quarantäne, [274], [175531],1.0.8631

Datei: 30
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\61599c9bba650e31c8afab2c304e5f6c, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\ba27bd25bc9d7bc8e7bd492311bb0419, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\059ab19d6d1f1ea5a303c25f053d2b58, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\0770b1d204debf356d5c3f3fccd3f873, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\0af821e132bef7593d1b0815df3f29f8, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\2470471a70053a5e14e71b31eb69f818, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\2654ee659c17dd811237292fc64aeee2, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\27b0bc053ad89d7d58b7f92d3743ee75, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\2e5446c875088dad4aae1c612ff64e1d, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\3afddd56a7b32412433a4818cb6647df, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\46ddd9866e28d8d3461f728d01c56a97, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\d5cf393edfbdc0cad73c15dfe9e9cebd, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\e766c65e0b30a620adcb314ed3ec998a, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\e90183c9fbeb5e924225cb25cf953648, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\ebc1c035829e1b1b89c32ef2cb9cc3e4, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\ee7d51af22a41bf9430c9890458f0831, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\f36a304f5ed6fcb680758915ed8d1a17, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\f3e3646c98763a769fad4b05b6534403, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\fbad55b6c1f00e144e1341f24398ec4c, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\6d70af52075e68e63efc1726d47e1ea5, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\72d173e8e7f085a9e9f6db7722727192, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\7d49d5a8c23257b520052b7f1b3426fa, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\8ddb0c2b30ca3a9b910d74cf3edb2f08, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\9190c0743063be2c0067054c6049c821, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\9a4ee2fec026429257f5ec00353e11fa, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav_thumbs\a4e23c43388adb4275eb51731e2c617d, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\fav-groups, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\favs##64476ccc4730fdda48b75709f5f0e091, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.Astromenda, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\astrmndant\favs##c4524c5c7de989ae2b92468bc84d7e37, In Quarantäne, [274], [175531],1.0.8631
PUP.Optional.ChipDe, C:\USERS\ADMIN\DOWNLOADS\AMD CLEANUNINSTALL UTILITY - CHIP-INSTALLER.EXE, In Quarantäne, [488], [557991],1.0.8631

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
FRST:

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01.01.2019
durchgeführt von Admin (Administrator) auf DJ (04-01-2019 23:37:43)
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin & Fee-Jonas (Verfügbare Profile: Admin & Fee-Jonas & Dirk)
Platform: Windows 8.1 Pro (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\ProgramData\AVAST Software\Avast\SecureBrowser\avast_browser_setup_checker.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvLaunch.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Users\Admin\AppData\Local\Temp\nsqB1AB.tmp\avast-checker-update.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-10-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-04] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12120104 2017-08-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-04] (AVAST Software)
HKLM\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [4788840 2018-05-06] ()
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3113768 2018-12-04] (Electronic Arts)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3113768 2018-12-04] (Electronic Arts)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [Amazon Music] => C:\Users\Fee-Jonas\AppData\Local\Amazon Music\Amazon Music.exe [23183848 2017-09-19] (Amazon Services LLC)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [MiPhoneManager] => C:\Users\Fee-Jonas\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [449464 2016-04-07] ()
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [Amazon Music Helper] => C:\Users\Fee-Jonas\AppData\Local\Amazon Music\Amazon Music Helper.exe [3977704 2017-09-19] (Amazon Services LLC)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49803112 2018-09-21] (Skype Technologies S.A.)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2011-02-18] (On2.com)
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2011-02-18] (On2.com)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [186368 2014-11-21] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Windows Mail\WinMail.exe [2014-11-21] (Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files (x86)\Windows Mail\WinMail.exe [2014-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-12-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-05-18]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Fee-Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2016-12-21]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: 0.0.0.1        mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{E84189D4-3B18-4181-AC1D-0B9941A551E5}: [DhcpNameServer] 192.168.0.1 192.168.0.2

Internet Explorer:
==================
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://startpage.com/
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-11-03] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-22] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  Keine Datei
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc.cab

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default [2019-01-04]
FF Homepage: Mozilla\Firefox\Profiles\e1j5k7a3.default -> hxxps://startpage.com
FF NewTab: Mozilla\Firefox\Profiles\e1j5k7a3.default -> hxxps://startpage.com
FF Extension: (Avast Online Security) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\Extensions\wrc@avast.com.xpi [2018-11-19]
FF HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1220723716-4126832292-3965305388-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2018-12-29] ()

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-10-17] (Advanced Micro Devices) [Datei ist nicht signiert]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-04] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-04] (AVAST Software)
R2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [196760 2015-01-30] (Microsoft Corporation)
R2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [196760 2015-01-30] (Microsoft Corporation)
R2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [196760 2015-01-30] (Microsoft Corporation)
R2 DeviceHealthPluginMgr; C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe [244376 2015-01-30] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.895\McCHSvc.exe [405392 2018-12-11] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2270528 2018-12-04] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3131208 2018-12-04] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176632 2018-05-14] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305544 2016-10-18] (Advanced Micro Devices)
R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37304 2019-01-04] (AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [203488 2019-01-04] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [220688 2019-01-04] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196264 2019-01-04] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320888 2019-01-04] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58160 2019-01-04] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239808 2019-01-04] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46584 2019-01-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42488 2019-01-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166472 2019-01-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111992 2019-01-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88144 2019-01-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034056 2019-01-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474648 2019-01-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [218056 2019-01-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380144 2019-01-04] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-01-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-01-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-01-04] (Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\system32\DRIVERS\vpnva64-6.sys [50128 2012-12-10] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-01-04 23:38 - 2019-01-04 23:38 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-01-04 23:38 - 2019-01-04 23:38 - 000002474 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-01-04 23:37 - 2019-01-04 23:38 - 000019750 _____ C:\Users\Admin\Desktop\FRST.txt
2019-01-04 23:37 - 2019-01-04 23:37 - 000003586 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA
2019-01-04 23:37 - 2019-01-04 23:37 - 000003458 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore
2019-01-04 23:37 - 2019-01-04 23:37 - 000000000 ____D C:\Users\Admin\AppData\Local\mbamtray
2019-01-04 23:37 - 2019-01-04 23:37 - 000000000 ____D C:\Users\Admin\AppData\Local\AVAST Software
2019-01-04 23:37 - 2019-01-04 23:37 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2019-01-04 23:36 - 2019-01-04 23:36 - 000007926 _____ C:\Users\Fee-Jonas\Desktop\mbam.txt
2019-01-04 23:31 - 2019-01-04 23:31 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-01-04 23:31 - 2019-01-04 23:31 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-01-04 23:31 - 2019-01-04 23:31 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-01-04 23:17 - 2019-01-04 23:17 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\mbam
2019-01-04 23:16 - 2019-01-04 23:31 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-04 23:16 - 2019-01-04 23:16 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-01-04 23:16 - 2019-01-04 23:16 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-04 23:16 - 2019-01-04 23:16 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\mbamtray
2019-01-04 23:16 - 2019-01-04 23:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-04 23:16 - 2019-01-04 23:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-04 23:16 - 2019-01-04 23:16 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-04 23:16 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-04 23:15 - 2019-01-04 23:16 - 081227760 _____ (Malwarebytes ) C:\Users\Fee-Jonas\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2019-01-04 23:13 - 2019-01-04 23:13 - 000009665 _____ C:\Users\Admin\Desktop\AdwCleaner[C00].txt
2019-01-04 23:07 - 2019-01-04 23:08 - 000000000 ____D C:\AdwCleaner
2019-01-04 23:06 - 2019-01-04 23:03 - 007320272 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner_7.2.6.0.exe
2019-01-04 23:03 - 2019-01-04 23:03 - 007320272 _____ (Malwarebytes) C:\Users\Fee-Jonas\Downloads\adwcleaner_7.2.6.0.exe
2019-01-04 22:21 - 2019-01-04 22:21 - 000074896 _____ C:\Users\Admin\Desktop\Addition_vorher.txt
2019-01-04 22:20 - 2019-01-04 22:21 - 000038315 _____ C:\Users\Admin\Desktop\FRST_vorher.txt
2019-01-04 22:19 - 2019-01-04 22:01 - 002426368 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2019-01-04 22:02 - 2019-01-04 22:03 - 000065511 _____ C:\Users\Fee-Jonas\Desktop\Addition.txt
2019-01-04 22:01 - 2019-01-04 23:37 - 000000000 ____D C:\FRST
2019-01-04 22:01 - 2019-01-04 22:03 - 000035312 _____ C:\Users\Fee-Jonas\Desktop\FRST.txt
2019-01-04 22:01 - 2019-01-04 22:01 - 002426368 _____ (Farbar) C:\Users\Fee-Jonas\Desktop\FRST64.exe
2019-01-04 21:51 - 2019-01-04 21:51 - 000361352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-01-04 21:51 - 2019-01-04 21:50 - 000320888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000220688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000196264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000058160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000037304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2018-12-28 00:30 - 2018-12-28 19:29 - 000000000 ____D C:\Users\Fee-Jonas\Documents\Shadow of the Tomb Raider
2018-12-28 00:30 - 2018-12-28 00:30 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Roaming\Eidos Montreal
2018-12-28 00:30 - 2018-12-28 00:30 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\NVIDIA Corporation
2018-12-20 13:53 - 2018-12-14 08:38 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-20 13:53 - 2018-12-14 07:33 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-16 18:05 - 2018-12-16 18:05 - 000002115 _____ C:\Users\Public\Desktop\WISO steuer Sparbuch 2019.lnk
2018-12-16 18:05 - 2018-12-16 18:05 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Buhl
2018-12-16 18:05 - 2018-12-16 18:05 - 000000000 ____D C:\Users\Admin\AppData\Local\wmain19
2018-12-16 18:05 - 2018-12-16 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2019
2018-12-14 16:08 - 2018-12-14 16:08 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-12-14 16:08 - 2018-12-14 16:08 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\Notepad++
2018-12-14 16:08 - 2018-12-14 16:08 - 000000000 ____D C:\Users\Admin\AppData\Local\Notepad++
2018-12-14 11:06 - 2018-11-28 10:39 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-12-14 11:06 - 2018-11-28 09:08 - 015441408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-14 11:06 - 2018-11-28 09:04 - 013322240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-14 11:06 - 2018-11-15 04:00 - 025735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-12-14 11:06 - 2018-11-15 03:34 - 020281856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-12-14 11:06 - 2018-11-15 02:51 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-14 11:06 - 2018-11-15 02:50 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-14 11:06 - 2018-11-13 05:35 - 005778944 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-14 11:06 - 2018-11-13 05:00 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-12-14 11:06 - 2018-11-13 04:52 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-12-14 11:06 - 2018-11-13 04:51 - 015284736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-12-14 11:06 - 2018-11-13 04:43 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-12-14 11:06 - 2018-11-13 04:42 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-14 11:06 - 2018-11-13 04:38 - 013681152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-12-14 11:06 - 2018-11-13 04:38 - 004859904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-12-14 11:06 - 2018-11-13 04:37 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-12-14 11:06 - 2018-11-13 04:27 - 001555968 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-12-14 11:06 - 2018-11-13 04:18 - 004386816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-12-14 11:06 - 2018-11-13 04:16 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-12-14 11:06 - 2018-11-13 04:15 - 001330176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-12-14 11:06 - 2018-11-13 04:14 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-12-14 11:06 - 2018-11-10 20:42 - 001368584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-12-14 11:06 - 2018-11-10 20:36 - 007371720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-12-14 11:06 - 2018-11-10 20:25 - 000121288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-12-14 11:06 - 2018-11-10 19:54 - 001308456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-14 11:06 - 2018-11-10 19:53 - 000356088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-14 11:06 - 2018-11-10 17:34 - 001754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-12-14 11:06 - 2018-11-10 17:25 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-12-14 11:06 - 2018-11-10 17:22 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-14 11:06 - 2018-11-10 17:15 - 001491968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-12-14 11:06 - 2018-11-03 19:28 - 002532344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-12-14 11:06 - 2018-11-03 18:41 - 001903456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-12-14 11:06 - 2018-11-03 16:25 - 002348032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-14 11:06 - 2018-11-03 16:11 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-14 11:06 - 2018-10-06 17:43 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-14 11:06 - 2018-10-06 17:13 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-14 11:06 - 2018-10-05 18:06 - 001200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-12-14 11:06 - 2018-10-05 18:06 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-12-14 11:06 - 2018-10-05 17:20 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-12-14 11:06 - 2018-10-05 17:20 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-12-14 11:06 - 2018-10-05 16:18 - 000513376 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-12-14 11:06 - 2018-10-05 16:18 - 000513376 _____ C:\WINDOWS\system32\locale.nls
2018-12-13 11:42 - 2018-12-13 11:42 - 000001980 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-12-13 11:42 - 2018-12-13 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-12-13 11:41 - 2018-12-27 17:03 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-12-09 07:24 - 2019-01-03 22:37 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\CrashDumps
2018-12-06 14:37 - 2018-12-06 14:37 - 006351872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-01-04 23:37 - 2015-11-28 00:24 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Raptr
2019-01-04 23:31 - 2015-11-28 00:27 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Roaming\Raptr
2019-01-04 23:30 - 2015-02-14 07:54 - 000000476 _____ C:\WINDOWS\Tasks\微软设备健康助手设备检查.job
2019-01-04 23:29 - 2014-11-14 22:14 - 000000454 _____ C:\WINDOWS\Tasks\微软设备健康助手开机检测.job
2019-01-04 23:29 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-04 23:28 - 2015-11-28 00:44 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-01-04 23:28 - 2013-08-22 14:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2019-01-04 23:26 - 2012-12-30 06:25 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1220723716-4126832292-3965305388-1001
2019-01-04 23:24 - 2016-10-24 22:54 - 000003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{83FB303E-983C-49AF-9DF9-B4C660AC815C}
2019-01-04 23:22 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-04 23:22 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-04 23:21 - 2016-10-25 18:55 - 000003906 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BCFF598A-9863-4AE8-8D7E-FDDA574760FE}
2019-01-04 23:14 - 2016-11-18 21:36 - 000000000 ____D C:\Users\Fee-Jonas\AppData\LocalLow\Mozilla
2019-01-04 23:10 - 2014-08-11 20:22 - 000000470 _____ C:\WINDOWS\Tasks\微软设备健康助手自动更新.job
2019-01-04 22:59 - 2018-09-06 17:06 - 000003870 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-01-04 22:59 - 2017-08-13 07:26 - 000002778 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-01-04 22:59 - 2016-10-25 21:21 - 000004238 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2019-01-04 22:59 - 2015-02-14 07:54 - 000003386 _____ C:\WINDOWS\System32\Tasks\微软设备健康助手设备检查
2019-01-04 22:59 - 2014-11-14 22:14 - 000002790 _____ C:\WINDOWS\System32\Tasks\微软设备健康助手开机检测
2019-01-04 22:59 - 2014-08-11 20:22 - 000003380 _____ C:\WINDOWS\System32\Tasks\微软设备健康助手自动更新
2019-01-04 22:59 - 2014-01-12 13:04 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1220723716-4126832292-3965305388-1115
2019-01-04 22:59 - 2012-12-29 23:48 - 000004342 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-01-04 22:58 - 2015-12-03 17:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-01-04 22:56 - 2013-12-28 13:55 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-04 22:21 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2019-01-04 21:52 - 2017-04-22 06:43 - 000003910 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-01-04 21:51 - 2018-05-05 05:58 - 000239808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-01-04 21:51 - 2018-05-05 05:58 - 000203488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-01-04 21:51 - 2016-03-28 23:42 - 000042488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-01-04 21:51 - 2014-05-04 20:22 - 000046584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2019-01-04 21:51 - 2013-12-23 16:20 - 000218056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000474648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000380144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000166472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000111992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000088144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-01-04 21:50 - 2013-04-11 21:56 - 001034056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-01-04 21:13 - 2016-06-11 20:12 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Roaming\Factorio
2019-01-04 14:18 - 2016-10-24 22:26 - 000433648 _____ C:\WINDOWS\system32\prfh0804.dat
2019-01-04 14:18 - 2016-10-24 22:26 - 000132582 _____ C:\WINDOWS\system32\prfc0804.dat
2019-01-04 14:18 - 2014-11-21 04:35 - 002335906 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-04 14:18 - 2014-11-21 03:45 - 000758136 _____ C:\WINDOWS\system32\perfh007.dat
2019-01-04 14:18 - 2014-11-21 03:45 - 000156398 _____ C:\WINDOWS\system32\perfc007.dat
2019-01-03 11:15 - 2013-07-22 18:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-12-30 00:07 - 2012-12-30 00:31 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\Ubisoft Game Launcher
2018-12-20 14:38 - 2012-07-26 08:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-18 19:58 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache
2018-12-18 18:47 - 2012-12-30 13:10 - 000000000 ____D C:\ProgramData\Origin
2018-12-18 18:47 - 2012-12-30 13:10 - 000000000 ____D C:\Program Files (x86)\Origin
2018-12-17 18:06 - 2012-12-30 06:29 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1220723716-4126832292-3965305388-1002
2018-12-16 18:05 - 2016-10-25 21:10 - 000000000 ____D C:\Users\Admin\AppData\Local\AMD
2018-12-16 18:05 - 2014-05-18 14:25 - 000000000 ____D C:\Users\Admin\AppData\Local\Buhl
2018-12-16 18:00 - 2014-05-18 14:23 - 000000000 ____D C:\Program Files (x86)\WISO
2018-12-16 18:00 - 2012-12-29 23:42 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-12-16 17:55 - 2014-05-18 14:22 - 000000000 ____D C:\ProgramData\Buhl Data Service GmbH
2018-12-16 15:31 - 2015-12-20 21:40 - 000000000 ____D C:\Users\Fee-Jonas\Documents\Paradox Interactive
2018-12-16 15:18 - 2016-11-17 20:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-12-16 15:18 - 2012-12-29 23:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-14 19:10 - 2012-12-29 23:44 - 000001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-12-14 16:34 - 2013-08-22 15:44 - 000527816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-14 16:08 - 2016-02-03 22:14 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Notepad++
2018-12-13 14:32 - 2012-12-29 23:38 - 137260640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-12-13 14:27 - 2012-07-26 06:26 - 000000269 _____ C:\WINDOWS\win.ini
2018-12-13 11:42 - 2015-11-25 19:16 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-12-06 14:37 - 2018-03-16 18:48 - 000004514 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-06 14:37 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-06 14:37 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-13 12:58 - 2014-04-13 12:58 - 000001078 _____ () C:\Users\Admin\AppData\Roaming\base64.cer
2016-10-24 20:48 - 2016-10-24 20:48 - 000000046 _____ () C:\Users\Admin\AppData\Roaming\WB.CFG
2013-06-03 15:18 - 2013-06-03 15:18 - 000001244 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2019-01-03 23:38

==================== Ende von FRST.txt ============================
--- --- ---

dirk_92 04.01.2019 23:50
addition
 
FRST addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01.01.2019
durchgeführt von Admin (04-01-2019 23:39:05)
Gestartet von C:\Users\Admin\Desktop
Windows 8.1 Pro (Update) (X64) (2016-10-24 21:38:50)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Admin (S-1-5-21-1220723716-4126832292-3965305388-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1220723716-4126832292-3965305388-500 - Administrator - Disabled)
Dirk (S-1-5-21-1220723716-4126832292-3965305388-1115 - Limited - Enabled) => C:\Users\Dirk
Fee-Jonas (S-1-5-21-1220723716-4126832292-3965305388-1002 - Limited - Enabled) => C:\Users\Fee-Jonas
Gast (S-1-5-21-1220723716-4126832292-3965305388-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ACP Application (HKLM\...\{7887FB96-80EA-BDAE-A5E4-A9C8C3ED7093}) (Version: 2016.1017.2209.52 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Amazon Amazon Music) (Version: 6.0.1.1166 - Amazon Services LLC)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Angry Birds (HKLM-x32\...\{A353543A-B1EB-48E1-A719-A88A68BFA555}) (Version: 4.0.0 - Rovio Entertainment Ltd.)
Angry Birds (HKLM-x32\...\{DE96EDE7-7D0A-49D7-9C11-121BA91F84E0}) (Version: 3.3.0 - Rovio Entertainment Ltd.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.1.973.110 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{30BEC4F9-FB2F-3C5D-FBB4-B47DB23271C9}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{9B9E3989-EB86-7D86-39C8-64795A9F30D9}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{E8316EE7-97E5-80F1-B8BE-DDCC225244AC}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{8D9B427F-697E-D95F-059A-1E3E669998A1}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9DE7A3B1-4B80-8F11-1A0B-F92CC2B06781}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{84035ED3-8E29-59E2-F648-8F07212078C8}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{2A3AE3B3-4E31-A203-8D27-655D950805C1}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{FC32D676-C95A-01BE-037E-98E0259094CC}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{362F7ED0-CC19-BDDE-F804-A718C49797E0}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{88F8B3EF-6947-A693-BEA6-D6A51466371F}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{A0FD84CD-6E95-7D76-2D96-7233B58D0ABD}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{C5A8698A-F510-5BF3-538C-6721D373D274}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{FCC2674A-94F1-A4ED-2CE1-FC2401E559CC}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{F65E03FF-F1ED-D59A-507A-F3D3F1AEED43}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{BB4D999E-5199-D422-0B07-015E97E0E0A0}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{98E1DA10-0656-3266-C88E-1E2F49E9FE19}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F8082754-11C3-F178-08BD-0F91E89C14C6}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E3884E2A-224E-8238-EC3F-8F2850D5A1FF}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BE4FCA73-4411-6FA9-DFA9-B29A8F1E4B36}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{8A63B449-330C-CE77-3D2C-1BC6FA9CD511}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{EC463366-E74D-2630-72D9-74228C2190D9}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{4B3AF51F-830F-409F-AE05-FB67040C90B6}) (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
Die Sims™ 3 Diesel Accessoires (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Katy Perry Süße Welt (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.44.83.1020 - Electronic Arts Inc.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Greenshot 1.1.5.2643 (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Greenshot_is1) (Version: 1.1.5.2643 - Greenshot)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
JabRef 2.9.2 (HKLM-x32\...\JabRef 2.9.2) (Version: 2.9.2 - JabRef Team)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
KODAK Create@Home Software (für dm) (HKLM-x32\...\{398AC289-E8BE-4FC2-99B5-AC6DB0640FC7}) (Version: 9.1.0392 - Kodak Alaris Inc.)
Leisure Suit Larry Reloaded (HKLM-x32\...\{E58E79EB-96BC-4BC2-A0E7-9CC28ECF4E1A}) (Version: 1.0.0.0 - Replay Games Inc.)
Malwarebytes Version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.895.1 - McAfee, Inc.)
Microsoft Lync 2010 (HKLM\...\{58A013B1-1613-4978-881A-FCA43710C84A}) (Version: 4.0.7577.4540 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 64.0 (x64 de) (HKLM\...\Mozilla Firefox 64.0 (x64 de)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
Origin (HKLM-x32\...\Origin) (Version: 10.5.32.18460 - Electronic Arts, Inc.)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
R for Windows 3.0.0 (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\R for Windows 3.0.0_is1) (Version: 3.0.0 - R Core Team)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\{4C5D15D2-5351-4F05-A96E-56C20554F977}) (Version: 1.00.000 - )
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 12-1225-1206 - Peter L Jones)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Secure Download Manager (HKLM-x32\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Version 8.31 (HKLM-x32\...\Skype_is1) (Version: 8.31 - Skype Technologies S.A.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeXnicCenter Version 2.0 Beta 1 (HKLM\...\TeXnicCenter_is1) (Version: 2.0 Beta 1 - The TeXnicCenter Team)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0) (Version: 1.0.21.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-10) (Version: 1.0.26.0 - LunarG, Inc.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{08459FDC-0106-4B93-AD0F-4111DA9C4FD3}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2017 (HKLM-x32\...\{8B75DEB9-A7A3-4E7E-A80B-C982B8894E7F}) (Version: 24.05.1582 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2018 (HKLM-x32\...\{061BEF8E-5B59-45C6-A598-EDB81FC38AFB}) (Version: 25.03.1550 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2019 (HKLM-x32\...\{42E59B2F-EA74-4898-AACF-A62F7C90EEE2}) (Version: 26.00.1560 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{8FDA5FAB-BF29-4744-B9BD-9C3F9A26F0B6}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{8A6497B9-EF0C-48F9-9D82-7EE4511FA6B4}) (Version: 22.08.9051 - Buhl Data Service GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
小米助手 (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\MiPhoneManager) (Version:  - 小米移动软件有限公司)
微软设备健康助手 (HKLM-x32\...\{2EAC4B0F-6E44-4FF6-AA5E-5D100F2BAA59}) (Version: 1.5.3.1 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-05] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-05] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-10-17] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-05] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-05] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {21B76B13-E78C-477A-9521-429FD3373732} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2019-01-04] (AVAST Software)
Task: {29BAEA52-F7C7-4A2E-94F9-4457AD0E5201} - System32\Tasks\微软设备健康助手设备检查 => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exe [2015-01-30] (Microsoft Corporation)
Task: {348188BD-B2FF-486F-847C-D14B5DEBAE16} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-06] (Piriform Ltd)
Task: {5A26CFFB-388F-4F96-9B9E-DD8AF02DDA56} - System32\Tasks\微软设备健康助手开机检测 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {68D72534-72E8-46D6-989F-F78C44CED384} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG
Task: {7A986F2A-4B42-4A7E-9C90-0BD6BB8F3651} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-04] (AVAST Software)
Task: {853AEED7-EBAD-4FDC-824E-953303A9D6A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {AC885A5D-128A-4B56-88C9-01560593E036} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-06] (Piriform Ltd)
Task: {ACF07987-306C-4031-BFBC-04337D1AD8E8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {BD8F20F8-0DCA-46DD-A2E0-D7ABC9DEED39} - System32\Tasks\微软设备健康助手自动更新 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {C7CA4FAB-E38D-4006-866A-D977E68E65E2} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2019-01-04] (AVAST Software)
Task: {D7616AB8-6967-47CE-BECD-AC3618293336} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-10-17] (Advanced Micro Devices, Inc.)
Task: {E4493513-980A-4B9C-A25A-9A0AF78A26E3} - System32\Tasks\SafeZone scheduled Autoupdate 1459280326 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {F799ABC8-7C43-427E-8AE1-FB4AECFDDC42} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-11-18] (AVAST Software)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\微软设备健康助手开机检测.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe/EnableDHWORKGROUP\DJ$H此任务用于微软设备健康助手的状态检测和自我修复。了解更多请查阅hxxp:/support.microsoft.com
Task: C:\WINDOWS\Tasks\微软设备健康助手自动更新.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exeWORKGROUP\DJ$Z此服务属于微软设备健康助手用于获取最新的版本有助于提高设备健康度及保障支付安全。了解更多请查阅hxxp:/support.microsoft.com
Task: C:\WINDOWS\Tasks\微软设备健康助手设备检查.job => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exeWORKGROUP\DJ$C此任务用于微软设备健康助手的设备检查。了解更多请查阅hxxp:/support.microsoft.com

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2019-01-04 23:16 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2019-01-04 23:16 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-04 21:51 - 2019-01-04 21:51 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-01-04 21:51 - 2019-01-04 21:51 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-06 05:36 - 2018-05-06 05:36 - 004788840 _____ () C:\ProgramData\AVAST Software\Avast\SecureBrowser\avast_browser_setup_checker.exe
2019-01-04 23:37 - 2019-01-04 23:37 - 002781464 _____ () C:\Users\Admin\AppData\Local\Temp\nsqB1AB.tmp\avast-checker-update.exe
2015-05-08 02:37 - 2015-05-08 02:37 - 000087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 005812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2017-05-04 20:01 - 2017-05-04 20:01 - 000067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 001662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2015-05-08 02:38 - 2015-05-08 02:38 - 000110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 000417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2015-05-08 02:39 - 2015-05-08 02:39 - 000167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-11-13 22:59 - 2015-11-13 22:59 - 000113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-11-13 22:59 - 2015-11-13 22:59 - 002396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2017-05-04 18:33 - 2017-05-04 18:33 - 002717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 001213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2015-05-08 02:55 - 2015-05-08 02:55 - 000055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2019-01-04 23:37 - 2019-01-04 23:37 - 000049192 _____ () C:\Users\Admin\AppData\Local\Temp\nsqB1AB.tmp\debug.dll
2019-01-04 23:37 - 2019-01-04 23:37 - 000011776 _____ () C:\Users\Admin\AppData\Local\Temp\nsqB1AB.tmp\System.dll
2019-01-04 23:37 - 2019-01-04 23:37 - 000022016 _____ () C:\Users\Admin\AppData\Local\Temp\nsqB1AB.tmp\nsJSON.dll
2019-01-04 23:37 - 2019-01-04 23:37 - 000015872 _____ () C:\Users\Admin\AppData\Local\Temp\nsqB1AB.tmp\stack.dll
2019-01-04 23:37 - 2019-01-04 23:37 - 000028464 _____ () C:\Users\Admin\AppData\Local\Temp\nsqB1AB.tmp\process.dll
2019-01-04 23:37 - 2019-01-04 23:37 - 000047144 _____ () C:\Users\Admin\AppData\Local\Temp\nszEDBB.tmp\debug.dll
2019-01-04 23:37 - 2019-01-04 23:37 - 000011776 _____ () C:\Users\Admin\AppData\Local\Temp\nszEDBB.tmp\System.dll
2019-01-04 23:37 - 2019-01-04 23:37 - 000022016 _____ () C:\Users\Admin\AppData\Local\Temp\nszEDBB.tmp\nsJSON.dll
2019-01-04 23:37 - 2019-01-04 23:37 - 000015872 _____ () C:\Users\Admin\AppData\Local\Temp\nszEDBB.tmp\stack.dll
2018-12-04 16:05 - 2018-12-04 16:05 - 000032048 _____ () C:\Users\Admin\AppData\Local\Temp\nszEDBB.tmp\jsisdl.dll
2018-12-04 16:03 - 2018-12-04 16:03 - 000004608 _____ () C:\Users\Admin\AppData\Local\Temp\nszEDBB.tmp\nsProcess.dll
2019-01-04 23:37 - 2019-01-04 23:37 - 000028464 _____ () C:\Users\Admin\AppData\Local\Temp\nszEDBB.tmp\process.dll
2018-12-04 16:04 - 2018-12-04 16:04 - 000027440 _____ () C:\Users\Admin\AppData\Local\Temp\nszEDBB.tmp\fs.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData:BDSDRMHK [64]
AlternateDataStreams: C:\Users\All Users:BDSDRMHK [64]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:BDSDRMHK [64]
AlternateDataStreams: C:\ProgramData\Application Data:BDSDRMHK [64]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 06:26 - 2019-01-04 10:49 - 000000909 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1        mssplus.mcafee.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img9.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.

HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Communicator"
HKLM\...\StartupApproved\Run32: => "PowerDVD13Agent"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "MiPhoneManager"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "Skype for Desktop"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{35C567F3-7CF1-40E9-89A3-31DB2F0F22D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{9B1CDE4D-46BB-40BD-ACCA-1FCC1DA7C2E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{4B85539D-04FF-4373-8389-93A64883293D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{08A0A7E9-A27F-4F88-9DE1-DA2A2948CF9D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{C2928E61-ADCE-4603-BEA9-986A8C202ED1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{A3CC7995-FBBB-4162-8F12-F10A0FA8B125}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{46376749-B120-44FC-913A-EA065B71DD23}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{849B267E-F9A0-47B1-87B7-21817D77BA4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{5BE81491-6998-4C34-9E64-EF92A27F2ADF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe)
FirewallRules: [{6FDF3ACA-8CF0-41E7-9DB0-4D0D7A397044}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe)
FirewallRules: [{A6BCAB39-747D-4D57-B164-8D599C351E6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe (Paradox Interactive)
FirewallRules: [{4F3ED3C0-90D8-4AC7-B724-675218A3923D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe (Paradox Interactive)
FirewallRules: [{CA34D051-FD94-49C8-A2F4-DE0BA452C4EF}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{8CD08CC4-BBA5-4A01-B924-65203713203D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{7BCA1CD4-A960-408A-A410-9AC94575425F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [{D0EF42A2-2798-4C49-B1BE-144C457E88D6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [UDP Query User{8EE7D225-6D80-4194-89DF-A150FFD5999E}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [TCP Query User{6F8569D3-D981-4D79-8C6A-095D5087F3AE}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [{B80B4D8F-E2F9-4DA4-8AAA-6EBFA82632F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [{A9A4CEDD-0AC2-447B-988D-4B69A57B0875}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [{D5F5886E-1899-437F-8B87-DC8F9D3B8A66}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios)
FirewallRules: [{E765B512-B8D4-4104-A0CD-F848EB1F6DA4}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios)
FirewallRules: [{A7D7F089-AB99-4C55-AEA5-CBA6C2D2BC99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V SDK\Sid Meier's Civilization V SDK.exe (Firaxis Games)
FirewallRules: [{A0F4EDE8-C2A9-4FE9-9291-A988196EA9CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V SDK\Sid Meier's Civilization V SDK.exe (Firaxis Games)
FirewallRules: [{5180F337-DD43-4415-871B-8C980D3AEF16}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{A0F27069-F03B-4121-A36A-D74A7E0678EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{2ABF4180-E2A2-40A2-B47D-B1054A159443}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{C0313060-1A1C-4784-BF6B-80A220C87559}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{98568E65-842B-4371-BE3E-DFEA03E61D8C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 2\rct2.exe ()
FirewallRules: [{69F3A20E-317C-4DB0-B9FB-B988F9374BA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 2\rct2.exe ()
FirewallRules: [UDP Query User{59C4E3E5-70FC-4AEE-99B6-C815A020DB5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{69B1CE15-78E9-4353-8539-86F7BC0C889B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{BF91454A-EDE4-42FB-A813-1AA3F41B586F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{2EC79FDE-76CE-4DE0-AEB6-D2758D7E951D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{6AC96074-B814-45A7-8905-8A995EC46A28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\M2Editor.exe (Paradox Interactive)
FirewallRules: [{E27A6668-454C-429D-916C-E0CFBAFDA894}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\M2Editor.exe (Paradox Interactive)
FirewallRules: [{B4DBA89C-B59C-423C-B142-8AC74987D6B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\majesty2.exe (Paradox Interactive)
FirewallRules: [{C5892ABF-05F1-4857-8FC6-424ED98D75D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\majesty2.exe (Paradox Interactive)
FirewallRules: [{8A48104C-352A-4FC2-932E-6595BD3EAEE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games)
FirewallRules: [{49B1A5F7-94FE-434A-B558-65C879448A03}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games)
FirewallRules: [{794C7B5F-CA7E-439A-A8AB-297DE4708F81}] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{36A68294-606C-46AA-AB53-89EDFBDA3963}] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{1ED55816-E41F-43C2-A22E-A5DB1401E3C4}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [{A8E8F4B9-DE35-47B8-BF7A-117C10B2A801}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [UDP Query User{5F33D9D7-60F2-4E22-BA1C-59C61822D158}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [TCP Query User{9DD4BE5B-DDFE-4751-9C8D-4600C40EB6B7}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [UDP Query User{EC323057-C2D8-4165-A426-859EBE0B2BD2}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [TCP Query User{9C6801B4-699A-4C80-9B46-1F1A4C557CCA}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{517AB619-62F3-434E-A709-902C2C445003}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe ()
FirewallRules: [{7C40BB27-9C05-4F72-81EF-630C8B223C0A}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe ()
FirewallRules: [UDP Query User{F6B506EB-3A67-4737-BA6F-15CD1F43D00F}C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (深圳市迅雷网络技术有限公司)
FirewallRules: [TCP Query User{62067B4F-63AC-4156-A3D8-0225F927DB27}C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (深圳市迅雷网络技术有限公司)
FirewallRules: [UDP Query User{2ADE8DB1-A6F0-4374-A72D-AF49ED685818}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe (Firaxis Games)
FirewallRules: [TCP Query User{97AE8AB3-0709-41C0-8AD1-3A7B11AEE071}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe (Firaxis Games)
FirewallRules: [{12011AD8-3027-435F-B83E-42523A317F08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Sword 5\BS5.exe ()
FirewallRules: [{86B3EE9D-0FCA-448C-AFDC-B3A4E33C7EAB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Sword 5\BS5.exe ()
FirewallRules: [{D04ECCE2-6300-4D86-9275-1791D9A16909}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{FA4B3C7E-175D-406D-9583-63958ED4058A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{2B07A67C-93A1-4DA9-8742-FF7C90630F69}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{8F60659D-F648-40C0-A6C5-3CC6AF18E177}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{E8903BD4-DFC3-4C44-858A-5865B03C32C8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment)
FirewallRules: [{3505F9AC-29FF-4E02-837C-39F54416209A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment)
FirewallRules: [{0158AC7C-B0D4-4980-94BC-C99D3702A9B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe (Blizzard Entertainment)
FirewallRules: [{5B7FC0E3-EF69-4777-A798-B3D0B8145BC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe (Blizzard Entertainment)
FirewallRules: [{8B957F90-B01B-4CC1-B5F1-00B970A6CFA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe ()
FirewallRules: [{1F872B3F-64D8-4603-89FB-6DE719E229D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe ()
FirewallRules: [{95F6C533-BDD7-421A-8EE1-D0EF09320BB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe (© 2001-2004 Atari Inc.)
FirewallRules: [{D8391D95-77BC-4DE2-9AFE-DAED847D81D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe (© 2001-2004 Atari Inc.)
FirewallRules: [{E6E5D0E1-D522-4C4D-8D3F-572BA8A1EA23}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{7BA32A37-35FE-4F92-AC54-DAF315441905}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{77F6D77A-57E6-40F6-B43D-396572877D5F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Patrician III\Patrician3.exe ()
FirewallRules: [{8598849B-5692-44B1-A535-78F06DDC5860}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Patrician III\Patrician3.exe ()
FirewallRules: [{A51980E4-8EB7-48B8-8208-DFAC17790DCD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{A4903764-3E0B-4A45-9C36-11AC0DE3B404}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{F92D22E8-AE53-4965-BC69-5570AC7C2FAA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{6AAF5026-9A11-4C48-8370-F8A708A44D3E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{B27EB7EF-70C9-4B86-8276-35C629484CA5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{EE6DC100-0555-4055-A6EC-A0752D917554}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{5090822F-3D48-4AC5-9A5D-BC5B831936D8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{5E730218-813F-4B82-8E0E-900A04DD231E}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe ()
FirewallRules: [{6FB6B92F-C350-4951-A646-104C0C9806EF}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe ()
FirewallRules: [{0497AD3F-437A-46D0-8F64-48F16D32BBF6}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe (Related Designs Software)
FirewallRules: [{E9AB5ACC-F372-4DB8-BC37-C9FBE8FE29E3}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe (Related Designs Software)
FirewallRules: [{D80FB71C-8FE3-44EF-9CBA-B2CF84A4CAA2}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe (Related Designs)
FirewallRules: [{0B311919-FB5F-418A-A7DA-90EB39A09F3E}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe (Related Designs)
FirewallRules: [{0440C23E-D2C1-4385-B451-C04B6DDC151E}] => (Allow) C:\Program Files (x86)\Origin Games\Leisure Suit Larry Reloaded\LarryReloaded.exe ()
FirewallRules: [{9807388E-9413-418A-8A48-49EB01F77C2C}] => (Allow) C:\Program Files (x86)\Origin Games\Leisure Suit Larry Reloaded\LarryReloaded.exe ()
FirewallRules: [{9EB501F7-35E2-41DE-9D76-EDB765F71D72}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe (Microsoft Corporation)
FirewallRules: [{1197133B-F0B3-43D7-A0AF-629699D2E30C}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{B20E9C77-03EC-4606-82FE-557F147B2B68}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
FirewallRules: [{C1EADE61-F16F-4408-985E-1BEF2E829F3F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe Keine Datei
FirewallRules: [{0EC2D455-E54A-4BCF-B47F-B38EE2DF3AA0}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe Keine Datei
FirewallRules: [{964592D3-7FD3-407B-BA6A-6417032DC3F1}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
FirewallRules: [{D1F23160-5444-4D0C-A107-142709C0BF5A}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
FirewallRules: [{3D8B7995-AC56-4231-B0BE-5E471B8CD67D}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe ()
FirewallRules: [{88A5029B-7699-4C8A-B5A6-1B325BF94EA1}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe ()
FirewallRules: [{CF5B8186-E0F9-48D8-92AE-022EBC68D5E6}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe (Blizzard Entertainment)
FirewallRules: [{49D218F6-2711-4B0F-BC6A-FE39852EE275}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe (Blizzard Entertainment)
FirewallRules: [{C6A2CE4C-4209-4BD0-9CF2-7FD805EA79B0}] => (Allow) C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe (Blue Byte GmbH)
FirewallRules: [{475BA0BD-7941-48AF-9268-78013566E689}] => (Allow) C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe (Blue Byte GmbH)
FirewallRules: [{450F3EB1-77B8-4087-8ADF-468FA4568D35}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft)
FirewallRules: [{A66BDF75-89AA-4C2C-ADEE-175A5319D3DA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft)
FirewallRules: [TCP Query User{A62A1FB7-6398-4CF6-B776-80EF377ED3CB}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [UDP Query User{4B0D32E9-D3CA-49A8-BB6C-6DCC50A61A07}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [{3E83A775-1350-4BB1-98C3-FEA43746BEEC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{07790045-0A6F-4450-B2BD-297C9E3807C3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{5F869C59-C40F-4BDA-A0D4-93B250BF4BA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe ()
FirewallRules: [{67EBC907-1667-4BDD-8847-C092E27276D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe ()
FirewallRules: [{D8940C63-C63D-4053-BD0C-B2F496484620}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\Stronghold2.exe (Firefly Studios)
FirewallRules: [{9A44F270-2F93-47F4-B134-630F6FCAE0F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\Stronghold2.exe (Firefly Studios)
FirewallRules: [{79904BBE-E3DC-427B-8EF6-87DE6DDED3EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [{971D8AA2-1646-4F03-9E5A-A4CA31D1B230}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [{5CEAAD65-E997-42CD-80EB-9F99CFA18863}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe ()
FirewallRules: [{7D0B70A0-4B8F-450C-B262-5D435DC3ED77}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe ()
FirewallRules: [{1BD335CB-ADCA-4D32-B508-952C8DFFDFCF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games)
FirewallRules: [{7E9AC2C7-830A-4EFC-83EE-331ADFC2A662}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games)
FirewallRules: [{576801E8-57B8-458E-8C3F-BA205ECE33B8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe (Avast Software)
FirewallRules: [{89E26E6C-8F42-4BAB-962F-5CA2D24B4DFC}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [{F6A6A599-8DC2-4FBA-91C1-BFCD7AB7908E}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [TCP Query User{B2D35378-B363-40C7-8F76-8404D0BEC10A}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [UDP Query User{02B22BAA-7FD4-41B0-B573-65DF8AF6AC31}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{CE356DD3-D434-4881-89D4-A0415812E92A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{F890B59A-B5DB-46FE-A778-DE094CB5219B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{5C03D892-6E13-4D58-88EE-528FEFDD4DF3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{787A07C5-957C-4DA5-9382-1C5BFF442268}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{233FEF99-71E6-48C4-A57E-1B04FD007005}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red)
FirewallRules: [{5B5EEE6C-7D60-46EB-A19F-07BE6E711DA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red)
FirewallRules: [{627FE93D-D85B-4C17-A8ED-9F587F3475A6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe (Avast Software)
FirewallRules: [TCP Query User{3FE76B17-EB49-40B9-9B95-7F2B9DC5FD2E}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe (Microsoft Corporation)
FirewallRules: [UDP Query User{183A6812-BB55-4F78-B970-55E2F6129711}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe (Microsoft Corporation)
FirewallRules: [{E9E564C7-C8D5-401D-B2E1-36B793E541E1}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe (Electronic Arts)
FirewallRules: [{BD4E96EF-7BC4-441B-B688-A43BF88300F9}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe (Electronic Arts)
FirewallRules: [{062E6668-167E-4D09-92E2-F774E7E6D4CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\FFLauncher.exe ()
FirewallRules: [{19646928-DAF0-4C64-AE05-39D2F310001F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\FFLauncher.exe ()
FirewallRules: [{8AF8A76F-BB04-450A-9465-469C710AC4A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [{C3C1F866-4FDF-4B32-82CC-D6CE69FFB248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [TCP Query User{30584249-A8FA-4226-AC69-2A4201FCEFC2}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [UDP Query User{E9ABB7B3-6642-45EB-B7CE-21FB2B16BB37}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{D0ADA9D1-C122-47B6-B722-04184A6F7693}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe ()
FirewallRules: [{93F522B6-50AB-4D3B-8E0C-4E03C4B666C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe ()
FirewallRules: [{73456120-CDD1-42EE-9BB0-BF6709711378}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Industry Giant 2\ig2_AddOn.exe (United Independent Entertainment GmbH)
FirewallRules: [{03F75FA7-2091-4580-97C8-80C7BFB27DB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Industry Giant 2\ig2_AddOn.exe (United Independent Entertainment GmbH)
FirewallRules: [{10E28A7E-6051-4614-95AA-1A5EAD2C163B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft)
FirewallRules: [{E0EA1A40-EF6A-461C-90DD-B368A4D8D4A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft)
FirewallRules: [TCP Query User{B29151AA-2AEA-41BD-AAB4-966FCD3D83D9}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe (Firaxis Games)
FirewallRules: [UDP Query User{F2731B3F-E518-4C9F-8538-5A31E862C352}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe (Firaxis Games)
FirewallRules: [{76320721-FC08-431C-AF44-2D5C9323F61A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{E120D092-D08A-4DAE-9ADA-46BC0384CA75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{6816B626-A16A-4562-B930-8EFD43484AF5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [{E08FE17A-1A37-4F6F-B59E-A9BCEA24A41C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [{B8CC5228-73D5-4F19-9249-E95F336DAB1E}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{19B5E915-9B64-4C59-ACE5-7731A9E33E49}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{C4EE90AA-431D-4ABE-ADF6-BA6C89D723D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{B88C9348-0BF0-4B9C-874C-347987BEA66A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{3EEF874E-2AA2-4B37-A6A8-5AAE1F2251A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [{AECEE5ED-8F87-434F-8356-C2ACFA6F0B51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [TCP Query User{44994FA2-6831-4594-AA9E-031D4A03BB8A}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe] => (Allow) C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe (Blue Byte GmbH)
FirewallRules: [UDP Query User{9293AADF-43E1-4D71-9FB0-88247235307D}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe] => (Allow) C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe (Blue Byte GmbH)
FirewallRules: [{A215A324-37FF-4595-996D-1348A8FEC10E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{E32948F0-4FAD-4704-B9AA-C7BA6B1142E3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{3B764539-BF20-4835-A39E-598AF9CEF614}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive)
FirewallRules: [{A853CB92-E45C-46B8-A6D6-EB21004E08EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive)
FirewallRules: [{58C31393-E9DF-43D0-83FA-2DC53CB24324}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{14F66FEA-611F-49B1-957B-3F7353E1C26D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{F0E7DB56-AD76-4858-9069-06D0FF5B387E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe ()
FirewallRules: [{2EF7B2EA-1A8D-49D6-9EC0-C5F5C2E8BE2D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe ()
FirewallRules: [{F3657BD6-5E02-4A9B-AAFB-8BC8A5485B06}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe ()
FirewallRules: [{70F4E1CE-8B97-47D0-BA3F-181AB0098393}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe ()
FirewallRules: [{DE4AB790-4C40-4417-98AE-F8FA9164A0C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe (Paradox Interactive)
FirewallRules: [{3D136507-38B0-4AAA-9675-8B60E3A49C03}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe (Paradox Interactive)
FirewallRules: [{DFCF60D1-B8D5-4B8E-B0AE-20A68292D725}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{74869600-35E5-4379-A1D6-3CD72BB9C925}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{8DE35911-A6FC-4EA2-997B-5071F5BE7E98}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)

==================== Wiederherstellungspunkte =========================

13-12-2018 14:26:13 Windows Update
16-12-2018 17:59:56 Installiert WISO steuer:Sparbuch 2019
20-12-2018 14:36:14 Windows Update
03-01-2019 23:38:34 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/03/2019 11:40:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 4.83.53.91 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 980

Startzeit: 01d4a3b2ea85c727

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 91353099-0fa8-11e9-8132-bc5ff47694e7

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/03/2019 11:38:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/03/2019 11:14:09 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:14:09Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:13:39 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:13:39Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:13:09 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:13:09Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:12:39 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:12:39Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:12:09 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:12:09Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:11:39 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:11:39Z. Fehlercode: 0x80040154.


Systemfehler:
=============
Error: (01/04/2019 11:29:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (01/04/2019 11:28:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2019 11:10:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (01/04/2019 11:08:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2019 11:08:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ACP User Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/04/2019 11:08:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/04/2019 11:08:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Microsoft Device Health Machine Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/04/2019 11:08:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Windows Defender:
===================================
Date: 2013-03-08 12:48:06.137
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {CE77E50C-6F4F-4C63-B1C2-181706E9A2C7}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2013-02-02 17:16:31.827
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {6D0A8998-6BEF-48F9-A25D-8B839C367F24}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2013-01-05 00:12:33.150
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {02CC17D8-2F71-49EB-8574-410B230987B5}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2016-10-07 16:44:03.697
Description:
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Sicherung
Fehlercode: 0x80073aba
Fehlerbeschreibung: Die Ressource ist zu alt und daher nicht mehr kompatibel.
Signaturversion: 1.147.1246.0;1.147.1246.0
Modulversion: 1.1.9302.0

Date: 2016-10-07 16:44:01.825
Description:
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Aktuell
Fehlercode: 0x80073aba
Fehlerbeschreibung: Die Ressource ist zu alt und daher nicht mehr kompatibel.
Signaturversion: 1.147.1631.0;1.147.1631.0
Modulversion: 1.1.9302.0

Date: 2013-04-11 21:40:15.013
Description:
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.1246.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Date: 2013-04-11 21:40:15.013
Description:
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.1246.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Date: 2013-04-11 21:40:15.013
Description:
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.1246.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

==================== Speicherinformationen ===========================

Prozessor: AMD A10-5800K APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 8146.26 MB
Verfügbarer physikalischer RAM: 5586.78 MB
Summe virtueller Speicher: 10002.26 MB
Verfügbarer virtueller Speicher: 6692.97 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:1667.7 GB) (Free:912.68 GB) NTFS
Drive d: (Daten) (Fixed) (Total:97.31 GB) (Free:92.59 GB) NTFS

\\?\Volume{95d81160-523f-11e2-be65-806e6f6e6963}\ (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B3AEF03F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=06)
Partition 4: (Not Active) - (Size=1667.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

M-K-D-B 05.01.2019 12:06
Servus,





Schritt 1
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    Start::
    Hosts: 0.0.0.1        mssplus.mcafee.com
    HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://startpage.com/
    HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
    Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  Keine Datei
    R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64; C:\WINDOWS\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys [44688 2014-09-19] (StdLib)
    Task: {68D72534-72E8-46D6-989F-F78C44CED384} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG
    CMD: dir "%ProgramFiles%"
    CMD: dir "%ProgramFiles(x86)%"
    CMD: dir "%ProgramData%"
    CMD: dir "%Appdata%"
    CMD: dir "%LocalAppdata%"
    CMD: dir "%CommonProgramFiles(x86)%"
    CMD: dir "%CommonProgramW6432%"
    CMD: dir "%UserProfile%"
    CMD: dir "C:\"
    CMD: dir "%systemprofile%\users"
    CMD: dir /AH "%SYSTEMDRIVE%\users"
    ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    RemoveProxy:
    EmptyTemp:
    End::
  • Starte nun FRST und klicke direkt den Entfernen Button. Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
  • Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.







Schritt 2
  • Starte FRST erneut. Kopiere den Inhalt der folgenden Code-Box oben in das Suchfeld:
    Code:
    SearchAll: AskPartnerNetwork;Astromenda;ClearThink;FreeDriverScout;SimplyTech;SoftwareUpdater;Systweak;LavasoftTcpService;InstallCore;astrmndant
  • Klicke auf den Button Datei-Suche.
  • FRST beginnt mit dem Suchlauf. Dieser kann einige Zeit dauern, bitte gedulde dich!
  • Am Ende wird eine Textdatei Search.txt erstellt.
  • Poste mir deren Inhalt mit deiner nächsten Antwort.







Schritt 3
  • Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix (fixlog.txt),
  • die Logdatei des FRST-Suchlaufs (Search.txt),
  • die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt).

dirk_92 05.01.2019 15:10
Uodate
 
Hallo Matthias, danke Dir für die Hilfe bis jetzt!
Ein Gutes hat unsere Aufräumaktion schon: Factorio Multiplayer geht wieder... :-)

Hier die Updates zu Deinen Vorschlägen:

1) die fixlog.txt
Code:
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01.01.2019
durchgeführt von Admin (05-01-2019 14:23:46) Run:1
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin & Fee-Jonas & Dirk (Verfügbare Profile: Admin & Fee-Jonas & Dirk)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Hosts: 0.0.0.1        mssplus.mcafee.com
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://startpage.com/
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  Keine Datei
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64; C:\WINDOWS\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys [44688 2014-09-19] (StdLib)
Task: {68D72534-72E8-46D6-989F-F78C44CED384} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
CMD: dir "C:\"
CMD: dir "%systemprofile%\users"
CMD: dir /AH "%SYSTEMDRIVE%\users"
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
CMD: ipconfig /flushdns
CMD: netsh winsock reset
RemoveProxy:
EmptyTemp:

*****************

C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => nicht gefunden
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => erfolgreich entfernt
HKLM\Software\Wow6432Node\Classes\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => nicht gefunden
"HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => erfolgreich entfernt
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => nicht gefunden
"HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => nicht gefunden
{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64 => Dienst nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68D72534-72E8-46D6-989F-F78C44CED384}" => erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68D72534-72E8-46D6-989F-F78C44CED384}" => erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => erfolgreich entfernt

========= dir "%ProgramFiles%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5073-77D9

 Verzeichnis von C:\Program Files

04.01.2019  23:16    <DIR>          .
04.01.2019  23:16    <DIR>          ..
22.08.2014  16:22    <DIR>          7-Zip
25.10.2016  21:32    <DIR>          AMD
28.03.2016  23:41    <DIR>          AVAST Software
10.09.2018  14:44    <DIR>          CCleaner
08.12.2017  18:43    <DIR>          Common Files
28.08.2013  00:15    <DIR>          Covus Freemium
25.09.2016  13:48    <DIR>          DIFX
15.04.2013  15:59    <DIR>          Ghostgum
15.04.2013  15:55    <DIR>          gs
20.11.2018  00:44    <DIR>          Internet Explorer
19.05.2018  12:58    <DIR>          KeyboardNotification
04.01.2019  23:16    <DIR>          Malwarebytes
13.12.2018  11:42    <DIR>          McAfee Security Scan
15.04.2013  16:28    <DIR>          Microsoft Analysis Services
12.09.2017  20:46    <DIR>          Microsoft Lync
15.04.2013  16:31    <DIR>          Microsoft Office
17.06.2017  17:00    <DIR>          Microsoft Silverlight
15.04.2013  16:31    <DIR>          Microsoft SQL Server Compact Edition
15.04.2013  16:31    <DIR>          Microsoft Sync Framework
15.04.2013  16:31    <DIR>          Microsoft Synchronization Services
24.10.2016  22:18    <DIR>          MSBuild
30.04.2013  18:45    <DIR>          PDF Split And Merge Basic
24.10.2016  22:18    <DIR>          Reference Assemblies
07.10.2015  11:07    <DIR>          ReviverSoft
18.12.2015  11:02    <DIR>          Rockstar Games
01.02.2013  19:29    <DIR>          s3pe
15.04.2013  16:59    <DIR>          TeXnicCenter
14.04.2017  23:17    <DIR>          Windows Defender
24.10.2016  22:21    <DIR>          Windows Journal
24.10.2016  22:25    <DIR>          Windows Mail
15.10.2018  22:49    <DIR>          Windows Media Player
21.11.2014  12:08    <DIR>          Windows Multimedia Platform
24.10.2016  22:38    <DIR>          Windows NT
24.10.2016  22:25    <DIR>          Windows Photo Viewer
21.11.2014  12:08    <DIR>          Windows Portable Devices
21.11.2014  12:07    <DIR>          WindowsPowerShell
11.01.2015  20:33    <DIR>          WinRAR
              0 Datei(en),              0 Bytes
              39 Verzeichnis(se), 986.665.340.928 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramFiles(x86)%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5073-77D9

 Verzeichnis von C:\Program Files (x86)

04.01.2019  23:37    <DIR>          .
04.01.2019  23:37    <DIR>          ..
15.04.2013  16:02    <DIR>          Adobe
25.10.2016  21:20    <DIR>          AMD
22.08.2015  17:04    <DIR>          Atari
04.01.2019  23:37    <DIR>          AVAST Software
03.02.2016  10:48    <DIR>          Battle.net
24.06.2013  19:49    <DIR>          Cisco
25.10.2016  19:50    <DIR>          Common Files
28.11.2015  12:07    <DIR>          Diablo III
10.02.2017  19:09    <DIR>          GameSpy Arcade
25.10.2018  15:39    <DIR>          Google
28.11.2015  10:31    <DIR>          Hearthstone
03.06.2013  14:49    <DIR>          Inkscape
20.11.2018  00:44    <DIR>          Internet Explorer
09.09.2013  22:50    <DIR>          JabRef
22.08.2014  16:22    <DIR>          Java
28.12.2017  17:21    <DIR>          KODAK Create@Home Software (fr dm)
30.09.2018  14:20    <DIR>          Microsoft
15.04.2013  16:28    <DIR>          Microsoft Analysis Services
14.02.2015  07:54    <DIR>          Microsoft Device Health
12.09.2017  20:46    <DIR>          Microsoft Lync
15.04.2013  16:28    <DIR>          Microsoft Office
17.06.2017  17:00    <DIR>          Microsoft Silverlight
15.04.2013  16:39    <DIR>          Microsoft SQL Server
15.04.2013  16:28    <DIR>          Microsoft Visual Studio 8
30.12.2012  13:41    <DIR>          Microsoft WSE
13.03.2016  19:48    <DIR>          Microsoft XNA
24.10.2016  22:21    <DIR>          Microsoft.NET
15.04.2013  15:49    <DIR>          MiKTeX 2.9
16.12.2018  15:18    <DIR>          Mozilla Firefox
16.12.2018  15:18    <DIR>          Mozilla Maintenance Service
24.10.2016  22:24    <DIR>          MSBuild
03.02.2016  22:15    <DIR>          Notepad++
15.04.2013  16:37    <DIR>          OCSetup
18.12.2018  18:47    <DIR>          Origin
03.07.2018  18:04    <DIR>          Origin Games
11.01.2015  12:09    <DIR>          Paradox Interactive
06.03.2016  18:38    <DIR>          Raptr Inc
24.10.2016  22:18    <DIR>          Reference Assemblies
18.12.2015  11:02    <DIR>          Rockstar Games
30.10.2013  17:44    <DIR>          Rovio
29.09.2013  11:45    <DIR>          Rovio Entertainment Ltd
24.10.2016  19:30    <DIR>          Skype
03.06.2013  15:20    <DIR>          SomePDF
28.11.2015  11:22    <DIR>          StarCraft II
05.01.2019  10:50    <DIR>          Steam
10.05.2015  14:55    <DIR>          TeamSpeak 3 Client
22.07.2013  23:32    <DIR>          Ubisoft
02.01.2013  13:42    <DIR>          VideoLAN
25.10.2016  21:21    <DIR>          VulkanRT
28.11.2015  10:25    <DIR>          WestwoodOnline
14.04.2017  23:17    <DIR>          Windows Defender
24.10.2016  22:25    <DIR>          Windows Mail
15.10.2018  22:49    <DIR>          Windows Media Player
21.11.2014  12:07    <DIR>          Windows Multimedia Platform
22.08.2013  16:36    <DIR>          Windows NT
24.10.2016  22:25    <DIR>          Windows Photo Viewer
21.11.2014  12:07    <DIR>          Windows Portable Devices
22.08.2013  16:36    <DIR>          WindowsPowerShell
16.12.2018  18:00    <DIR>          WISO
              0 Datei(en),              0 Bytes
              61 Verzeichnis(se), 986.665.271.296 Bytes frei

========= Ende von CMD: =========
2. Die Suche (search.txt):

Code:
Farbar Recovery Scan Tool (x64) Version: 01.01.2019
durchgeführt von Admin (05-01-2019 14:28:57)
Gestartet von C:\Users\Admin\Desktop
Start-Modus: Normal

================== Datei-Suche: "SearchAll: AskPartnerNetwork;Astromenda;ClearThink;FreeDriverScout;SimplyTech;SoftwareUpdater;Systweak;LavasoftTcpService;InstallCore;astrmndant" =============

Datei:
========
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\SoftwareUpdater.Bootstrapper.exe.log
[2016-10-24 22:40][2019-01-03 23:19] 000001075 _____ () 97EB772D762A3490C7C170282003D29E [Datei ist nicht signiert]

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\ClearThink.FirstRun.exe.log
[2014-09-14 16:48][2014-09-14 16:48] 000000770 _____ () 3A573D0480991B06E269A3F17CF82605 [Datei ist nicht signiert]

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\updateClearThink.exe.log
[2014-09-14 16:48][2014-09-14 16:48] 000001249 _____ () 0EF3525958727E02AEB47A9E52A0FA96 [Datei ist nicht signiert]

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\FreeDriverScout.exe.log
[2013-08-28 00:26][2013-08-28 00:26] 000002369 _____ () F4439D9D29DAA9A98FBCA547603D7C1F [Datei ist nicht signiert]

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\SoftwareUpdater.Bootstrapper.exe.log
[2013-08-28 00:15][2013-08-28 00:15] 000001148 _____ () EBDDFD9ADFAAAF150885C7A562DE2F87 [Datei ist nicht signiert]

C:\AdwCleaner\Quarantine\v1\20190104.230836\76\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe#0074D3DD1AAC4DC1
[2013-08-16 10:33][2013-12-19 11:34] 000107008 _____ () D1069D5682C123FE4A4F32BD6DC0EDF2 [Datei ist nicht signiert]

C:\AdwCleaner\Quarantine\v1\20190104.230836\76\SoftwareUpdater\SoftwareUpdater.dll#75C7152F99475054
[2013-08-28 00:15][2013-12-18 18:30] 000288256 _____ () 4935AF5FCB0E42D27B37459A49AE968D [Datei ist nicht signiert]

C:\AdwCleaner\Quarantine\v1\20190104.230836\76\SoftwareUpdater\SoftwareUpdater.Ui.exe#A896E2BC9AE5CE00
[2013-08-28 00:15][2013-12-18 18:30] 000909824 _____ () D26FE6176590B80AE75666BCFA6952E5 [Datei ist nicht signiert]

C:\AdwCleaner\Quarantine\v1\20190104.230836\75\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe#0074D3DD1AAC4DC1
[2013-08-28 00:16][2013-12-18 18:31] 000107008 _____ () D1069D5682C123FE4A4F32BD6DC0EDF2 [Datei ist nicht signiert]

C:\AdwCleaner\Quarantine\v1\20190104.230836\64\Astromenda\User Data\Default\Extensions\bagmigcgccdfcdllkfgkdnjkheobmknf\0.3.8_0\app\spots\gallery\images\installCore.svg#EC86512E45863530
[2014-09-14 16:49][2014-09-14 16:49] 000001336 _____ () 1DDD8392524211C0816F2B838E9D2F68 [Datei ist nicht signiert]

C:\AdwCleaner\Quarantine\v1\20190104.230836\6\LavasoftTcpService64.dll#77AEADFED66B0E09
[2015-10-07 11:06][2015-10-07 11:06] 000425744 _____ (Lavasoft Limited) 88A78227691B60F686CD103819AC263B [Datei ist nicht signiert]

C:\AdwCleaner\Quarantine\v1\20190104.230836\42\FreeDriverScout#C797258E15A8CBED
[2013-08-28 00:15][2013-08-28 00:15] 000004102 _____ () 54C0C5DFA19E684C810EC4832D7CBCE7 [Datei ist nicht signiert]


Ordner:
========
2013-08-28 00:15 - 2019-01-04 23:08 _____ C:\AdwCleaner\Quarantine\v1\20190104.230836\83\FreeDriverScout
2013-08-28 00:15 - 2019-01-04 23:08 _____ C:\AdwCleaner\Quarantine\v1\20190104.230836\76\SoftwareUpdater
2013-08-28 00:16 - 2019-01-04 23:08 _____ C:\AdwCleaner\Quarantine\v1\20190104.230836\75\SoftwareUpdater
2019-01-04 21:19 - 2019-01-04 21:19 _____ C:\AdwCleaner\Quarantine\v1\20190104.230836\74\SoftwareUpdater
2019-01-04 21:19 - 2019-01-04 21:19 _____ C:\AdwCleaner\Quarantine\v1\20190104.230836\74\SoftwareUpdater\SoftwareUpdater.Bootstrap_Url_1tz5vfkynq4qnrgo1hrpgv12mzwi5p5b
2014-09-14 16:48 - 2014-09-20 17:23 _____ C:\AdwCleaner\Quarantine\v1\20190104.230836\66\ClearThink
2014-09-14 16:48 - 2014-09-14 16:50 _____ C:\AdwCleaner\Quarantine\v1\20190104.230836\64\Astromenda
2014-02-26 18:22 - 2014-02-26 18:22 _____ C:\AdwCleaner\Quarantine\v1\20190104.230836\60\AskPartnerNetwork
2014-09-14 16:47 - 2014-09-14 16:51 _____ C:\AdwCleaner\Quarantine\v1\20190104.230836\56\Systweak
2013-08-28 00:15 - 2013-08-28 00:15 _____ C:\AdwCleaner\Quarantine\v1\20190104.230836\3\SimplyTech
2013-08-28 00:17 - 2013-08-28 00:17 _____ C:\AdwCleaner\Quarantine\v1\20190104.230836\2\SimplyTech
2014-09-14 16:48 - 2014-09-14 16:48 _____ C:\AdwCleaner\Quarantine\v1\20190104.230836\1\WSE_Astromenda

Registry:
========

===================== Suchergebnis für "AskPartnerNetwork" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\"=""

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe"="0x5341435001000000000000000700000028000000D0CB0700730C0800010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000165E0000000000000C0000000C000000"


===================== Suchergebnis für "Astromenda" ==========

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Astromenda Browser]

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Astromenda Browser]
"UninstallString"="C:\Users\Admin\AppData\Local\Astromenda\Application\31.0.1650.23\Installer\setup.exe"

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Astromenda Browser]
"InstallerSuccessLaunchCmdLine"=""C:\Users\Admin\AppData\Local\Astromenda\Application\astromenda.exe""

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.htm\OpenWithProgids]
"AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6"=""

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.html\OpenWithProgids]
"AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6"=""

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.shtml\OpenWithProgids]
"AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6"=""

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.webp\OpenWithProgids]
"AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6"=""

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.xht\OpenWithProgids]
"AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6"=""

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.xhtml\OpenWithProgids]
"AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6"=""

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6]

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6]
""="Astromenda HTML Document"

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6]
"AppUserModelId"="Astromenda.SGL7CS2EH4SH4GVUGU6GZPH66I"

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6\Application]
"AppUserModelId"="Astromenda.SGL7CS2EH4SH4GVUGU6GZPH66I"

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6\Application]
"ApplicationIcon"="C:\Users\Admin\AppData\Local\Astromenda\Application\astromenda.exe,0"

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6\Application]
"ApplicationName"="Astromenda"

[HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6\Application]
"ApplicationCompany"="Astromenda"


===================== Suchergebnis für "ClearThink" ==========


===================== Suchergebnis für "FreeDriverScout" ==========


===================== Suchergebnis für "SimplyTech" ==========


===================== Suchergebnis für "SoftwareUpdater" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast]
"SoftwareUpdaterDbReset"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SoftwareUpdater\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast]
"SoftwareUpdaterDbReset"="1"

[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\SoftwareUpdater.Bootstrapper.exe]


===================== Suchergebnis für "Systweak" ==========


===================== Suchergebnis für "LavasoftTcpService" ==========


===================== Suchergebnis für "InstallCore" ==========


===================== Suchergebnis für "astrmndant
        " ==========


====== Ende von Suche ======
3. FRST

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01.01.2019
durchgeführt von Admin (Administrator) auf DJ (05-01-2019 14:42:23)
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin (Verfügbare Profile: Admin & Fee-Jonas & Dirk)
Platform: Windows 8.1 Pro (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-10-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-04] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12120104 2017-08-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-04] (AVAST Software)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3113768 2018-12-04] (Electronic Arts)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Run: [AvastBrowserAutoLaunch_1088872FC4C2207C6D62AF0E8871CAAC] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1827112 2018-12-04] (AVAST Software)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2011-02-18] (On2.com)
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2011-02-18] (On2.com)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [186368 2014-11-21] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Windows Mail\WinMail.exe [2014-11-21] (Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\70.1.973.110\Installer\chrmstp.exe [2019-01-04] (AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files (x86)\Windows Mail\WinMail.exe [2014-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-12-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-05-18]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Fee-Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2016-12-21]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{E84189D4-3B18-4181-AC1D-0B9941A551E5}: [DhcpNameServer] 192.168.0.1 192.168.0.2

Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-11-03] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-22] (Oracle Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc.cab

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default [2019-01-05]
FF Homepage: Mozilla\Firefox\Profiles\e1j5k7a3.default -> hxxps://startpage.com
FF NewTab: Mozilla\Firefox\Profiles\e1j5k7a3.default -> hxxps://startpage.com
FF Extension: (Avast Online Security) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\Extensions\wrc@avast.com.xpi [2019-01-04]
FF HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-10-17] (Advanced Micro Devices) [Datei ist nicht signiert]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-04] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-01-04] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-04] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-01-04] (AVAST Software)
R2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [196760 2015-01-30] (Microsoft Corporation)
R2 DeviceHealthPluginMgr; C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe [244376 2015-01-30] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.895\McCHSvc.exe [405392 2018-12-11] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2270528 2018-12-04] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3131208 2018-12-04] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176632 2018-05-14] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305544 2016-10-18] (Advanced Micro Devices)
R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37304 2019-01-04] (AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [203488 2019-01-04] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [220688 2019-01-04] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196264 2019-01-04] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320888 2019-01-04] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58160 2019-01-04] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239808 2019-01-04] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46584 2019-01-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42488 2019-01-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166472 2019-01-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111992 2019-01-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88144 2019-01-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034056 2019-01-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474648 2019-01-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [218056 2019-01-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380144 2019-01-04] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-01-05] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-01-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-05] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-01-05] (Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\system32\DRIVERS\vpnva64-6.sys [50128 2012-12-10] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-01-05 14:42 - 2019-01-05 14:42 - 000016902 _____ C:\Users\Admin\Desktop\FRST.txt
2019-01-05 14:28 - 2019-01-05 14:40 - 000008982 _____ C:\Users\Admin\Desktop\Search.txt
2019-01-05 14:27 - 2019-01-05 14:27 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2019-01-05 14:26 - 2019-01-05 14:26 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-01-05 14:26 - 2019-01-05 14:26 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-01-05 14:26 - 2019-01-05 14:26 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-01-05 14:25 - 2019-01-05 14:25 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-05 14:23 - 2019-01-05 14:24 - 000024761 _____ C:\Users\Admin\Desktop\Fixlog.txt
2019-01-05 09:37 - 2019-01-05 09:37 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\AVAST Software
2019-01-04 23:39 - 2019-01-04 23:39 - 000077267 _____ C:\Users\Admin\Desktop\Addition_mitte.txt
2019-01-04 23:38 - 2019-01-04 23:38 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-01-04 23:38 - 2019-01-04 23:38 - 000002474 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-01-04 23:37 - 2019-01-04 23:39 - 000039045 _____ C:\Users\Admin\Desktop\FRST_mitte.txt
2019-01-04 23:37 - 2019-01-04 23:37 - 000003586 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA
2019-01-04 23:37 - 2019-01-04 23:37 - 000003458 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore
2019-01-04 23:37 - 2019-01-04 23:37 - 000000000 ____D C:\Users\Admin\AppData\Local\mbamtray
2019-01-04 23:37 - 2019-01-04 23:37 - 000000000 ____D C:\Users\Admin\AppData\Local\AVAST Software
2019-01-04 23:37 - 2019-01-04 23:37 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2019-01-04 23:36 - 2019-01-04 23:36 - 000007926 _____ C:\Users\Fee-Jonas\Desktop\mbam.txt
2019-01-04 23:17 - 2019-01-04 23:17 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\mbam
2019-01-04 23:16 - 2019-01-04 23:16 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-01-04 23:16 - 2019-01-04 23:16 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-04 23:16 - 2019-01-04 23:16 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\mbamtray
2019-01-04 23:16 - 2019-01-04 23:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-04 23:16 - 2019-01-04 23:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-04 23:16 - 2019-01-04 23:16 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-04 23:16 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-04 23:15 - 2019-01-04 23:16 - 081227760 _____ (Malwarebytes ) C:\Users\Fee-Jonas\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2019-01-04 23:13 - 2019-01-04 23:13 - 000009665 _____ C:\Users\Admin\Desktop\AdwCleaner[C00].txt
2019-01-04 23:07 - 2019-01-04 23:08 - 000000000 ____D C:\AdwCleaner
2019-01-04 23:06 - 2019-01-04 23:03 - 007320272 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner_7.2.6.0.exe
2019-01-04 23:03 - 2019-01-04 23:03 - 007320272 _____ (Malwarebytes) C:\Users\Fee-Jonas\Downloads\adwcleaner_7.2.6.0.exe
2019-01-04 22:21 - 2019-01-04 22:21 - 000074896 _____ C:\Users\Admin\Desktop\Addition_vorher.txt
2019-01-04 22:20 - 2019-01-04 22:21 - 000038315 _____ C:\Users\Admin\Desktop\FRST_vorher.txt
2019-01-04 22:19 - 2019-01-04 22:01 - 002426368 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2019-01-04 22:02 - 2019-01-04 22:03 - 000065511 _____ C:\Users\Fee-Jonas\Desktop\Addition.txt
2019-01-04 22:01 - 2019-01-05 14:42 - 000000000 ____D C:\FRST
2019-01-04 22:01 - 2019-01-04 22:03 - 000035312 _____ C:\Users\Fee-Jonas\Desktop\FRST.txt
2019-01-04 22:01 - 2019-01-04 22:01 - 002426368 _____ (Farbar) C:\Users\Fee-Jonas\Desktop\FRST64.exe
2019-01-04 21:51 - 2019-01-04 21:51 - 000361352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-01-04 21:51 - 2019-01-04 21:50 - 000320888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000220688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000196264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000058160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000037304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2018-12-28 00:30 - 2018-12-28 19:29 - 000000000 ____D C:\Users\Fee-Jonas\Documents\Shadow of the Tomb Raider
2018-12-28 00:30 - 2018-12-28 00:30 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Roaming\Eidos Montreal
2018-12-28 00:30 - 2018-12-28 00:30 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\NVIDIA Corporation
2018-12-20 13:53 - 2018-12-14 08:38 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-20 13:53 - 2018-12-14 07:33 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-16 18:05 - 2018-12-16 18:05 - 000002115 _____ C:\Users\Public\Desktop\WISO steuer Sparbuch 2019.lnk
2018-12-16 18:05 - 2018-12-16 18:05 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Buhl
2018-12-16 18:05 - 2018-12-16 18:05 - 000000000 ____D C:\Users\Admin\AppData\Local\wmain19
2018-12-16 18:05 - 2018-12-16 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2019
2018-12-14 16:08 - 2018-12-14 16:08 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-12-14 16:08 - 2018-12-14 16:08 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\Notepad++
2018-12-14 16:08 - 2018-12-14 16:08 - 000000000 ____D C:\Users\Admin\AppData\Local\Notepad++
2018-12-14 11:06 - 2018-11-28 10:39 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-12-14 11:06 - 2018-11-28 09:08 - 015441408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-14 11:06 - 2018-11-28 09:04 - 013322240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-14 11:06 - 2018-11-15 04:00 - 025735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-12-14 11:06 - 2018-11-15 03:34 - 020281856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-12-14 11:06 - 2018-11-15 02:51 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-14 11:06 - 2018-11-15 02:50 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-14 11:06 - 2018-11-13 05:35 - 005778944 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-14 11:06 - 2018-11-13 05:00 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-12-14 11:06 - 2018-11-13 04:52 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-12-14 11:06 - 2018-11-13 04:51 - 015284736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-12-14 11:06 - 2018-11-13 04:43 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-12-14 11:06 - 2018-11-13 04:42 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-14 11:06 - 2018-11-13 04:38 - 013681152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-12-14 11:06 - 2018-11-13 04:38 - 004859904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-12-14 11:06 - 2018-11-13 04:37 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-12-14 11:06 - 2018-11-13 04:27 - 001555968 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-12-14 11:06 - 2018-11-13 04:18 - 004386816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-12-14 11:06 - 2018-11-13 04:16 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-12-14 11:06 - 2018-11-13 04:15 - 001330176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-12-14 11:06 - 2018-11-13 04:14 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-12-14 11:06 - 2018-11-10 20:42 - 001368584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-12-14 11:06 - 2018-11-10 20:36 - 007371720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-12-14 11:06 - 2018-11-10 20:25 - 000121288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-12-14 11:06 - 2018-11-10 19:54 - 001308456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-14 11:06 - 2018-11-10 19:53 - 000356088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-14 11:06 - 2018-11-10 17:34 - 001754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-12-14 11:06 - 2018-11-10 17:25 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-12-14 11:06 - 2018-11-10 17:22 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-14 11:06 - 2018-11-10 17:15 - 001491968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-12-14 11:06 - 2018-11-03 19:28 - 002532344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-12-14 11:06 - 2018-11-03 18:41 - 001903456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-12-14 11:06 - 2018-11-03 16:25 - 002348032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-14 11:06 - 2018-11-03 16:11 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-14 11:06 - 2018-10-06 17:43 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-14 11:06 - 2018-10-06 17:13 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-14 11:06 - 2018-10-05 18:06 - 001200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-12-14 11:06 - 2018-10-05 18:06 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-12-14 11:06 - 2018-10-05 17:20 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-12-14 11:06 - 2018-10-05 17:20 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-12-14 11:06 - 2018-10-05 16:18 - 000513376 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-12-14 11:06 - 2018-10-05 16:18 - 000513376 _____ C:\WINDOWS\system32\locale.nls
2018-12-13 11:42 - 2018-12-13 11:42 - 000001980 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-12-13 11:42 - 2018-12-13 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-12-13 11:41 - 2018-12-27 17:03 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-12-09 07:24 - 2019-01-03 22:37 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\CrashDumps
2018-12-06 14:37 - 2018-12-06 14:37 - 006351872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-01-05 14:37 - 2016-10-25 21:00 - 000000000 ____D C:\Program Files\AMD
2019-01-05 14:31 - 2016-10-25 18:55 - 000003906 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BCFF598A-9863-4AE8-8D7E-FDDA574760FE}
2019-01-05 14:31 - 2012-12-30 06:25 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1220723716-4126832292-3965305388-1001
2019-01-05 14:30 - 2015-02-14 07:54 - 000000476 _____ C:\WINDOWS\Tasks\微软设备健康助手设备检查.job
2019-01-05 14:27 - 2017-08-13 07:23 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2019-01-05 14:27 - 2015-11-28 00:24 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Raptr
2019-01-05 14:25 - 2014-11-14 22:14 - 000000454 _____ C:\WINDOWS\Tasks\微软设备健康助手开机检测.job
2019-01-05 14:25 - 2014-08-11 20:22 - 000000470 _____ C:\WINDOWS\Tasks\微软设备健康助手自动更新.job
2019-01-05 14:25 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-05 14:24 - 2015-11-28 00:44 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-01-05 14:24 - 2013-12-28 13:55 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-05 14:24 - 2013-04-15 21:32 - 000000000 ____D C:\Users\Fee-Jonas\AppData\LocalLow\Temp
2019-01-05 13:55 - 2018-09-06 17:06 - 000003870 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-01-05 13:55 - 2017-08-13 07:26 - 000002778 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-01-05 13:55 - 2016-10-25 21:21 - 000004238 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2019-01-05 13:55 - 2016-10-24 22:54 - 000003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{83FB303E-983C-49AF-9DF9-B4C660AC815C}
2019-01-05 13:55 - 2016-06-11 20:12 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Roaming\Factorio
2019-01-05 13:55 - 2015-12-03 17:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-01-05 13:55 - 2015-02-14 07:54 - 000003386 _____ C:\WINDOWS\System32\Tasks\微软设备健康助手设备检查
2019-01-05 13:55 - 2014-11-14 22:14 - 000002790 _____ C:\WINDOWS\System32\Tasks\微软设备健康助手开机检测
2019-01-05 13:55 - 2014-08-11 20:22 - 000003380 _____ C:\WINDOWS\System32\Tasks\微软设备健康助手自动更新
2019-01-05 13:55 - 2014-01-12 13:04 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1220723716-4126832292-3965305388-1115
2019-01-05 13:55 - 2012-12-29 23:48 - 000004342 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-01-05 11:55 - 2015-11-28 00:27 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Roaming\Raptr
2019-01-05 09:38 - 2016-11-18 21:36 - 000000000 ____D C:\Users\Fee-Jonas\AppData\LocalLow\Mozilla
2019-01-04 23:40 - 2013-03-03 23:09 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2019-01-04 23:28 - 2013-08-22 14:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2019-01-04 23:22 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-04 23:22 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-04 22:21 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2019-01-04 21:52 - 2017-04-22 06:43 - 000003910 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-01-04 21:51 - 2018-05-05 05:58 - 000239808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-01-04 21:51 - 2018-05-05 05:58 - 000203488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-01-04 21:51 - 2016-03-28 23:42 - 000042488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-01-04 21:51 - 2014-05-04 20:22 - 000046584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2019-01-04 21:51 - 2013-12-23 16:20 - 000218056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000474648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000380144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000166472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000111992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000088144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-01-04 21:50 - 2013-04-11 21:56 - 001034056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-01-04 14:18 - 2016-10-24 22:26 - 000433648 _____ C:\WINDOWS\system32\prfh0804.dat
2019-01-04 14:18 - 2016-10-24 22:26 - 000132582 _____ C:\WINDOWS\system32\prfc0804.dat
2019-01-04 14:18 - 2014-11-21 04:35 - 002335906 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-04 14:18 - 2014-11-21 03:45 - 000758136 _____ C:\WINDOWS\system32\perfh007.dat
2019-01-04 14:18 - 2014-11-21 03:45 - 000156398 _____ C:\WINDOWS\system32\perfc007.dat
2019-01-03 11:15 - 2013-07-22 18:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-12-30 00:07 - 2012-12-30 00:31 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\Ubisoft Game Launcher
2018-12-20 14:38 - 2012-07-26 08:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-18 19:58 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache
2018-12-18 18:47 - 2012-12-30 13:10 - 000000000 ____D C:\ProgramData\Origin
2018-12-18 18:47 - 2012-12-30 13:10 - 000000000 ____D C:\Program Files (x86)\Origin
2018-12-17 18:06 - 2012-12-30 06:29 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1220723716-4126832292-3965305388-1002
2018-12-16 18:05 - 2016-10-25 21:10 - 000000000 ____D C:\Users\Admin\AppData\Local\AMD
2018-12-16 18:05 - 2014-05-18 14:25 - 000000000 ____D C:\Users\Admin\AppData\Local\Buhl
2018-12-16 18:00 - 2014-05-18 14:23 - 000000000 ____D C:\Program Files (x86)\WISO
2018-12-16 18:00 - 2012-12-29 23:42 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-12-16 17:55 - 2014-05-18 14:22 - 000000000 ____D C:\ProgramData\Buhl Data Service GmbH
2018-12-16 15:31 - 2015-12-20 21:40 - 000000000 ____D C:\Users\Fee-Jonas\Documents\Paradox Interactive
2018-12-16 15:18 - 2016-11-17 20:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-12-16 15:18 - 2012-12-29 23:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-14 19:10 - 2012-12-29 23:44 - 000001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-12-14 16:34 - 2013-08-22 15:44 - 000527816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-14 16:08 - 2016-02-03 22:14 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Notepad++
2018-12-13 14:32 - 2012-12-29 23:38 - 137260640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-12-13 14:27 - 2012-07-26 06:26 - 000000269 _____ C:\WINDOWS\win.ini
2018-12-13 11:42 - 2015-11-25 19:16 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-12-06 14:37 - 2018-03-16 18:48 - 000004514 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-06 14:37 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-06 14:37 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-13 12:58 - 2014-04-13 12:58 - 000001078 _____ () C:\Users\Admin\AppData\Roaming\base64.cer
2016-10-24 20:48 - 2016-10-24 20:48 - 000000046 _____ () C:\Users\Admin\AppData\Roaming\WB.CFG
2013-06-03 15:18 - 2013-06-03 15:18 - 000001244 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2019-01-05 13:59

==================== Ende von FRST.txt ============================
--- --- ---

dirk_92 05.01.2019 15:11
Fortsetzung
 
4. Addition.txt

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01.01.2019
durchgeführt von Admin (05-01-2019 14:43:18)
Gestartet von C:\Users\Admin\Desktop
Windows 8.1 Pro (Update) (X64) (2016-10-24 21:38:50)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Admin (S-1-5-21-1220723716-4126832292-3965305388-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1220723716-4126832292-3965305388-500 - Administrator - Disabled)
Dirk (S-1-5-21-1220723716-4126832292-3965305388-1115 - Limited - Enabled) => C:\Users\Dirk
Fee-Jonas (S-1-5-21-1220723716-4126832292-3965305388-1002 - Limited - Enabled) => C:\Users\Fee-Jonas
Gast (S-1-5-21-1220723716-4126832292-3965305388-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ACP Application (HKLM\...\{7887FB96-80EA-BDAE-A5E4-A9C8C3ED7093}) (Version: 2016.1017.2209.52 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Angry Birds (HKLM-x32\...\{A353543A-B1EB-48E1-A719-A88A68BFA555}) (Version: 4.0.0 - Rovio Entertainment Ltd.)
Angry Birds (HKLM-x32\...\{DE96EDE7-7D0A-49D7-9C11-121BA91F84E0}) (Version: 3.3.0 - Rovio Entertainment Ltd.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.1.973.110 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{30BEC4F9-FB2F-3C5D-FBB4-B47DB23271C9}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{9B9E3989-EB86-7D86-39C8-64795A9F30D9}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{E8316EE7-97E5-80F1-B8BE-DDCC225244AC}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{8D9B427F-697E-D95F-059A-1E3E669998A1}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9DE7A3B1-4B80-8F11-1A0B-F92CC2B06781}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{84035ED3-8E29-59E2-F648-8F07212078C8}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{2A3AE3B3-4E31-A203-8D27-655D950805C1}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{FC32D676-C95A-01BE-037E-98E0259094CC}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{362F7ED0-CC19-BDDE-F804-A718C49797E0}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{88F8B3EF-6947-A693-BEA6-D6A51466371F}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{A0FD84CD-6E95-7D76-2D96-7233B58D0ABD}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{C5A8698A-F510-5BF3-538C-6721D373D274}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{FCC2674A-94F1-A4ED-2CE1-FC2401E559CC}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{F65E03FF-F1ED-D59A-507A-F3D3F1AEED43}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{BB4D999E-5199-D422-0B07-015E97E0E0A0}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{98E1DA10-0656-3266-C88E-1E2F49E9FE19}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F8082754-11C3-F178-08BD-0F91E89C14C6}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E3884E2A-224E-8238-EC3F-8F2850D5A1FF}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BE4FCA73-4411-6FA9-DFA9-B29A8F1E4B36}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{8A63B449-330C-CE77-3D2C-1BC6FA9CD511}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{EC463366-E74D-2630-72D9-74228C2190D9}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{4B3AF51F-830F-409F-AE05-FB67040C90B6}) (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
Die Sims™ 3 Diesel Accessoires (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Katy Perry Süße Welt (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.44.83.1020 - Electronic Arts Inc.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
JabRef 2.9.2 (HKLM-x32\...\JabRef 2.9.2) (Version: 2.9.2 - JabRef Team)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
KODAK Create@Home Software (für dm) (HKLM-x32\...\{398AC289-E8BE-4FC2-99B5-AC6DB0640FC7}) (Version: 9.1.0392 - Kodak Alaris Inc.)
Leisure Suit Larry Reloaded (HKLM-x32\...\{E58E79EB-96BC-4BC2-A0E7-9CC28ECF4E1A}) (Version: 1.0.0.0 - Replay Games Inc.)
Malwarebytes Version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.895.1 - McAfee, Inc.)
Microsoft Lync 2010 (HKLM\...\{58A013B1-1613-4978-881A-FCA43710C84A}) (Version: 4.0.7577.4540 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 64.0 (x64 de) (HKLM\...\Mozilla Firefox 64.0 (x64 de)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
Origin (HKLM-x32\...\Origin) (Version: 10.5.32.18460 - Electronic Arts, Inc.)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\{4C5D15D2-5351-4F05-A96E-56C20554F977}) (Version: 1.00.000 - )
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 12-1225-1206 - Peter L Jones)
Secure Download Manager (HKLM-x32\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Version 8.31 (HKLM-x32\...\Skype_is1) (Version: 8.31 - Skype Technologies S.A.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeXnicCenter Version 2.0 Beta 1 (HKLM\...\TeXnicCenter_is1) (Version: 2.0 Beta 1 - The TeXnicCenter Team)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0) (Version: 1.0.21.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-10) (Version: 1.0.26.0 - LunarG, Inc.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{08459FDC-0106-4B93-AD0F-4111DA9C4FD3}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2017 (HKLM-x32\...\{8B75DEB9-A7A3-4E7E-A80B-C982B8894E7F}) (Version: 24.05.1582 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2018 (HKLM-x32\...\{061BEF8E-5B59-45C6-A598-EDB81FC38AFB}) (Version: 25.03.1550 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2019 (HKLM-x32\...\{42E59B2F-EA74-4898-AACF-A62F7C90EEE2}) (Version: 26.00.1560 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{8FDA5FAB-BF29-4744-B9BD-9C3F9A26F0B6}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{8A6497B9-EF0C-48F9-9D82-7EE4511FA6B4}) (Version: 22.08.9051 - Buhl Data Service GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
微软设备健康助手 (HKLM-x32\...\{2EAC4B0F-6E44-4FF6-AA5E-5D100F2BAA59}) (Version: 1.5.3.1 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-05] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-05] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-10-17] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-05] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-05] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {21B76B13-E78C-477A-9521-429FD3373732} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2019-01-04] (AVAST Software)
Task: {29BAEA52-F7C7-4A2E-94F9-4457AD0E5201} - System32\Tasks\微软设备健康助手设备检查 => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exe [2015-01-30] (Microsoft Corporation)
Task: {348188BD-B2FF-486F-847C-D14B5DEBAE16} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-06] (Piriform Ltd)
Task: {5A26CFFB-388F-4F96-9B9E-DD8AF02DDA56} - System32\Tasks\微软设备健康助手开机检测 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {7A986F2A-4B42-4A7E-9C90-0BD6BB8F3651} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-04] (AVAST Software)
Task: {853AEED7-EBAD-4FDC-824E-953303A9D6A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {AC885A5D-128A-4B56-88C9-01560593E036} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-06] (Piriform Ltd)
Task: {ACF07987-306C-4031-BFBC-04337D1AD8E8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {BD8F20F8-0DCA-46DD-A2E0-D7ABC9DEED39} - System32\Tasks\微软设备健康助手自动更新 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {C7CA4FAB-E38D-4006-866A-D977E68E65E2} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2019-01-04] (AVAST Software)
Task: {D7616AB8-6967-47CE-BECD-AC3618293336} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-10-17] (Advanced Micro Devices, Inc.)
Task: {F799ABC8-7C43-427E-8AE1-FB4AECFDDC42} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-11-18] (AVAST Software)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\微软设备健康助手开机检测.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe/EnableDHWORKGROUP\DJ$H此任务用于微软设备健康助手的状态检测和自我修复。了解更多请查阅hxxp:/support.microsoft.com
Task: C:\WINDOWS\Tasks\微软设备健康助手自动更新.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exeWORKGROUP\DJ$Z此服务属于微软设备健康助手用于获取最新的版本有助于提高设备健康度及保障支付安全。了解更多请查阅hxxp:/support.microsoft.com
Task: C:\WINDOWS\Tasks\微软设备健康助手设备检查.job => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exeWORKGROUP\DJ$C此任务用于微软设备健康助手的设备检查。了解更多请查阅hxxp:/support.microsoft.com

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2019-01-04 23:16 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2019-01-04 23:16 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-09-14 02:20 - 2016-09-14 02:20 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-04 21:51 - 2019-01-04 21:51 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-01-04 21:51 - 2019-01-04 21:51 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 005812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2017-05-04 20:01 - 2017-05-04 20:01 - 000067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 001662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2015-05-08 02:38 - 2015-05-08 02:38 - 000110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 000417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2015-05-08 02:39 - 2015-05-08 02:39 - 000167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-11-13 22:59 - 2015-11-13 22:59 - 000113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-11-13 22:59 - 2015-11-13 22:59 - 002396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2015-05-08 02:38 - 2015-05-08 02:38 - 000354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
2015-05-08 02:38 - 2015-05-08 02:38 - 000263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2017-05-04 18:33 - 2017-05-04 18:33 - 002717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 001213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2015-05-08 02:55 - 2015-05-08 02:55 - 000055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData:BDSDRMHK [64]
AlternateDataStreams: C:\Users\All Users:BDSDRMHK [64]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:BDSDRMHK [64]
AlternateDataStreams: C:\ProgramData\Application Data:BDSDRMHK [64]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 06:26 - 2019-01-05 14:23 - 000000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.

HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Communicator"
HKLM\...\StartupApproved\Run32: => "PowerDVD13Agent"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\StartupApproved\Run: => "EADM"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{35C567F3-7CF1-40E9-89A3-31DB2F0F22D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{9B1CDE4D-46BB-40BD-ACCA-1FCC1DA7C2E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{4B85539D-04FF-4373-8389-93A64883293D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{08A0A7E9-A27F-4F88-9DE1-DA2A2948CF9D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{C2928E61-ADCE-4603-BEA9-986A8C202ED1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{A3CC7995-FBBB-4162-8F12-F10A0FA8B125}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{46376749-B120-44FC-913A-EA065B71DD23}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{849B267E-F9A0-47B1-87B7-21817D77BA4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{5BE81491-6998-4C34-9E64-EF92A27F2ADF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe)
FirewallRules: [{6FDF3ACA-8CF0-41E7-9DB0-4D0D7A397044}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe)
FirewallRules: [{A6BCAB39-747D-4D57-B164-8D599C351E6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe (Paradox Interactive)
FirewallRules: [{4F3ED3C0-90D8-4AC7-B724-675218A3923D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe (Paradox Interactive)
FirewallRules: [{CA34D051-FD94-49C8-A2F4-DE0BA452C4EF}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{8CD08CC4-BBA5-4A01-B924-65203713203D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{7BCA1CD4-A960-408A-A410-9AC94575425F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [{D0EF42A2-2798-4C49-B1BE-144C457E88D6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [UDP Query User{8EE7D225-6D80-4194-89DF-A150FFD5999E}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [TCP Query User{6F8569D3-D981-4D79-8C6A-095D5087F3AE}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [{B80B4D8F-E2F9-4DA4-8AAA-6EBFA82632F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [{A9A4CEDD-0AC2-447B-988D-4B69A57B0875}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [{D5F5886E-1899-437F-8B87-DC8F9D3B8A66}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios)
FirewallRules: [{E765B512-B8D4-4104-A0CD-F848EB1F6DA4}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios)
FirewallRules: [{A7D7F089-AB99-4C55-AEA5-CBA6C2D2BC99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V SDK\Sid Meier's Civilization V SDK.exe (Firaxis Games)
FirewallRules: [{A0F4EDE8-C2A9-4FE9-9291-A988196EA9CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V SDK\Sid Meier's Civilization V SDK.exe (Firaxis Games)
FirewallRules: [{5180F337-DD43-4415-871B-8C980D3AEF16}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{A0F27069-F03B-4121-A36A-D74A7E0678EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{2ABF4180-E2A2-40A2-B47D-B1054A159443}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{C0313060-1A1C-4784-BF6B-80A220C87559}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{98568E65-842B-4371-BE3E-DFEA03E61D8C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 2\rct2.exe ()
FirewallRules: [{69F3A20E-317C-4DB0-B9FB-B988F9374BA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 2\rct2.exe ()
FirewallRules: [UDP Query User{59C4E3E5-70FC-4AEE-99B6-C815A020DB5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{69B1CE15-78E9-4353-8539-86F7BC0C889B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{BF91454A-EDE4-42FB-A813-1AA3F41B586F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{2EC79FDE-76CE-4DE0-AEB6-D2758D7E951D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{6AC96074-B814-45A7-8905-8A995EC46A28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\M2Editor.exe (Paradox Interactive)
FirewallRules: [{E27A6668-454C-429D-916C-E0CFBAFDA894}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\M2Editor.exe (Paradox Interactive)
FirewallRules: [{B4DBA89C-B59C-423C-B142-8AC74987D6B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\majesty2.exe (Paradox Interactive)
FirewallRules: [{C5892ABF-05F1-4857-8FC6-424ED98D75D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\majesty2.exe (Paradox Interactive)
FirewallRules: [{8A48104C-352A-4FC2-932E-6595BD3EAEE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games)
FirewallRules: [{49B1A5F7-94FE-434A-B558-65C879448A03}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games)
FirewallRules: [{794C7B5F-CA7E-439A-A8AB-297DE4708F81}] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{36A68294-606C-46AA-AB53-89EDFBDA3963}] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{1ED55816-E41F-43C2-A22E-A5DB1401E3C4}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [{A8E8F4B9-DE35-47B8-BF7A-117C10B2A801}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [UDP Query User{5F33D9D7-60F2-4E22-BA1C-59C61822D158}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [TCP Query User{9DD4BE5B-DDFE-4751-9C8D-4600C40EB6B7}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [UDP Query User{EC323057-C2D8-4165-A426-859EBE0B2BD2}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [TCP Query User{9C6801B4-699A-4C80-9B46-1F1A4C557CCA}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{517AB619-62F3-434E-A709-902C2C445003}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe ()
FirewallRules: [{7C40BB27-9C05-4F72-81EF-630C8B223C0A}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe ()
FirewallRules: [UDP Query User{F6B506EB-3A67-4737-BA6F-15CD1F43D00F}C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (深圳市迅雷网络技术有限公司)
FirewallRules: [TCP Query User{62067B4F-63AC-4156-A3D8-0225F927DB27}C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (深圳市迅雷网络技术有限公司)
FirewallRules: [UDP Query User{2ADE8DB1-A6F0-4374-A72D-AF49ED685818}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe (Firaxis Games)
FirewallRules: [TCP Query User{97AE8AB3-0709-41C0-8AD1-3A7B11AEE071}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe (Firaxis Games)
FirewallRules: [{12011AD8-3027-435F-B83E-42523A317F08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Sword 5\BS5.exe ()
FirewallRules: [{86B3EE9D-0FCA-448C-AFDC-B3A4E33C7EAB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Sword 5\BS5.exe ()
FirewallRules: [{D04ECCE2-6300-4D86-9275-1791D9A16909}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{FA4B3C7E-175D-406D-9583-63958ED4058A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{2B07A67C-93A1-4DA9-8742-FF7C90630F69}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{8F60659D-F648-40C0-A6C5-3CC6AF18E177}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{E8903BD4-DFC3-4C44-858A-5865B03C32C8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment)
FirewallRules: [{3505F9AC-29FF-4E02-837C-39F54416209A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment)
FirewallRules: [{0158AC7C-B0D4-4980-94BC-C99D3702A9B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe (Blizzard Entertainment)
FirewallRules: [{5B7FC0E3-EF69-4777-A798-B3D0B8145BC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe (Blizzard Entertainment)
FirewallRules: [{8B957F90-B01B-4CC1-B5F1-00B970A6CFA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe ()
FirewallRules: [{1F872B3F-64D8-4603-89FB-6DE719E229D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe ()
FirewallRules: [{95F6C533-BDD7-421A-8EE1-D0EF09320BB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe (© 2001-2004 Atari Inc.)
FirewallRules: [{D8391D95-77BC-4DE2-9AFE-DAED847D81D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe (© 2001-2004 Atari Inc.)
FirewallRules: [{E6E5D0E1-D522-4C4D-8D3F-572BA8A1EA23}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{7BA32A37-35FE-4F92-AC54-DAF315441905}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{77F6D77A-57E6-40F6-B43D-396572877D5F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Patrician III\Patrician3.exe ()
FirewallRules: [{8598849B-5692-44B1-A535-78F06DDC5860}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Patrician III\Patrician3.exe ()
FirewallRules: [{A51980E4-8EB7-48B8-8208-DFAC17790DCD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{A4903764-3E0B-4A45-9C36-11AC0DE3B404}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{F92D22E8-AE53-4965-BC69-5570AC7C2FAA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{6AAF5026-9A11-4C48-8370-F8A708A44D3E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{B27EB7EF-70C9-4B86-8276-35C629484CA5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{EE6DC100-0555-4055-A6EC-A0752D917554}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{5090822F-3D48-4AC5-9A5D-BC5B831936D8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{5E730218-813F-4B82-8E0E-900A04DD231E}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe ()
FirewallRules: [{6FB6B92F-C350-4951-A646-104C0C9806EF}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe ()
FirewallRules: [{0497AD3F-437A-46D0-8F64-48F16D32BBF6}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe (Related Designs Software)
FirewallRules: [{E9AB5ACC-F372-4DB8-BC37-C9FBE8FE29E3}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe (Related Designs Software)
FirewallRules: [{D80FB71C-8FE3-44EF-9CBA-B2CF84A4CAA2}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe (Related Designs)
FirewallRules: [{0B311919-FB5F-418A-A7DA-90EB39A09F3E}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe (Related Designs)
FirewallRules: [{0440C23E-D2C1-4385-B451-C04B6DDC151E}] => (Allow) C:\Program Files (x86)\Origin Games\Leisure Suit Larry Reloaded\LarryReloaded.exe ()
FirewallRules: [{9807388E-9413-418A-8A48-49EB01F77C2C}] => (Allow) C:\Program Files (x86)\Origin Games\Leisure Suit Larry Reloaded\LarryReloaded.exe ()
FirewallRules: [{9EB501F7-35E2-41DE-9D76-EDB765F71D72}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe (Microsoft Corporation)
FirewallRules: [{1197133B-F0B3-43D7-A0AF-629699D2E30C}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{B20E9C77-03EC-4606-82FE-557F147B2B68}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
FirewallRules: [{C1EADE61-F16F-4408-985E-1BEF2E829F3F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe Keine Datei
FirewallRules: [{0EC2D455-E54A-4BCF-B47F-B38EE2DF3AA0}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe Keine Datei
FirewallRules: [{964592D3-7FD3-407B-BA6A-6417032DC3F1}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
FirewallRules: [{D1F23160-5444-4D0C-A107-142709C0BF5A}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
FirewallRules: [{3D8B7995-AC56-4231-B0BE-5E471B8CD67D}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe ()
FirewallRules: [{88A5029B-7699-4C8A-B5A6-1B325BF94EA1}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe ()
FirewallRules: [{CF5B8186-E0F9-48D8-92AE-022EBC68D5E6}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe (Blizzard Entertainment)
FirewallRules: [{49D218F6-2711-4B0F-BC6A-FE39852EE275}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe (Blizzard Entertainment)
FirewallRules: [{C6A2CE4C-4209-4BD0-9CF2-7FD805EA79B0}] => (Allow) C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe (Blue Byte GmbH)
FirewallRules: [{475BA0BD-7941-48AF-9268-78013566E689}] => (Allow) C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe (Blue Byte GmbH)
FirewallRules: [{450F3EB1-77B8-4087-8ADF-468FA4568D35}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft)
FirewallRules: [{A66BDF75-89AA-4C2C-ADEE-175A5319D3DA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft)
FirewallRules: [TCP Query User{A62A1FB7-6398-4CF6-B776-80EF377ED3CB}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [UDP Query User{4B0D32E9-D3CA-49A8-BB6C-6DCC50A61A07}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [{3E83A775-1350-4BB1-98C3-FEA43746BEEC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{07790045-0A6F-4450-B2BD-297C9E3807C3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{5F869C59-C40F-4BDA-A0D4-93B250BF4BA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe ()
FirewallRules: [{67EBC907-1667-4BDD-8847-C092E27276D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe ()
FirewallRules: [{D8940C63-C63D-4053-BD0C-B2F496484620}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\Stronghold2.exe (Firefly Studios)
FirewallRules: [{9A44F270-2F93-47F4-B134-630F6FCAE0F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\Stronghold2.exe (Firefly Studios)
FirewallRules: [{79904BBE-E3DC-427B-8EF6-87DE6DDED3EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [{971D8AA2-1646-4F03-9E5A-A4CA31D1B230}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [{5CEAAD65-E997-42CD-80EB-9F99CFA18863}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe ()
FirewallRules: [{7D0B70A0-4B8F-450C-B262-5D435DC3ED77}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe ()
FirewallRules: [{1BD335CB-ADCA-4D32-B508-952C8DFFDFCF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games)
FirewallRules: [{7E9AC2C7-830A-4EFC-83EE-331ADFC2A662}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games)
FirewallRules: [{89E26E6C-8F42-4BAB-962F-5CA2D24B4DFC}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [{F6A6A599-8DC2-4FBA-91C1-BFCD7AB7908E}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [TCP Query User{B2D35378-B363-40C7-8F76-8404D0BEC10A}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [UDP Query User{02B22BAA-7FD4-41B0-B573-65DF8AF6AC31}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{CE356DD3-D434-4881-89D4-A0415812E92A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{F890B59A-B5DB-46FE-A778-DE094CB5219B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{5C03D892-6E13-4D58-88EE-528FEFDD4DF3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{787A07C5-957C-4DA5-9382-1C5BFF442268}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{233FEF99-71E6-48C4-A57E-1B04FD007005}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red)
FirewallRules: [{5B5EEE6C-7D60-46EB-A19F-07BE6E711DA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red)
FirewallRules: [TCP Query User{3FE76B17-EB49-40B9-9B95-7F2B9DC5FD2E}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe (Microsoft Corporation)
FirewallRules: [UDP Query User{183A6812-BB55-4F78-B970-55E2F6129711}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe (Microsoft Corporation)
FirewallRules: [{E9E564C7-C8D5-401D-B2E1-36B793E541E1}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe (Electronic Arts)
FirewallRules: [{BD4E96EF-7BC4-441B-B688-A43BF88300F9}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe (Electronic Arts)
FirewallRules: [{062E6668-167E-4D09-92E2-F774E7E6D4CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\FFLauncher.exe ()
FirewallRules: [{19646928-DAF0-4C64-AE05-39D2F310001F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\FFLauncher.exe ()
FirewallRules: [{8AF8A76F-BB04-450A-9465-469C710AC4A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [{C3C1F866-4FDF-4B32-82CC-D6CE69FFB248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [TCP Query User{30584249-A8FA-4226-AC69-2A4201FCEFC2}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [UDP Query User{E9ABB7B3-6642-45EB-B7CE-21FB2B16BB37}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{D0ADA9D1-C122-47B6-B722-04184A6F7693}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe ()
FirewallRules: [{93F522B6-50AB-4D3B-8E0C-4E03C4B666C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe ()
FirewallRules: [{73456120-CDD1-42EE-9BB0-BF6709711378}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Industry Giant 2\ig2_AddOn.exe (United Independent Entertainment GmbH)
FirewallRules: [{03F75FA7-2091-4580-97C8-80C7BFB27DB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Industry Giant 2\ig2_AddOn.exe (United Independent Entertainment GmbH)
FirewallRules: [{10E28A7E-6051-4614-95AA-1A5EAD2C163B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft)
FirewallRules: [{E0EA1A40-EF6A-461C-90DD-B368A4D8D4A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft)
FirewallRules: [TCP Query User{B29151AA-2AEA-41BD-AAB4-966FCD3D83D9}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe (Firaxis Games)
FirewallRules: [UDP Query User{F2731B3F-E518-4C9F-8538-5A31E862C352}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe (Firaxis Games)
FirewallRules: [{76320721-FC08-431C-AF44-2D5C9323F61A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{E120D092-D08A-4DAE-9ADA-46BC0384CA75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{6816B626-A16A-4562-B930-8EFD43484AF5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [{E08FE17A-1A37-4F6F-B59E-A9BCEA24A41C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [{B8CC5228-73D5-4F19-9249-E95F336DAB1E}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{19B5E915-9B64-4C59-ACE5-7731A9E33E49}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{C4EE90AA-431D-4ABE-ADF6-BA6C89D723D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{B88C9348-0BF0-4B9C-874C-347987BEA66A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{3EEF874E-2AA2-4B37-A6A8-5AAE1F2251A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [{AECEE5ED-8F87-434F-8356-C2ACFA6F0B51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [TCP Query User{44994FA2-6831-4594-AA9E-031D4A03BB8A}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe] => (Allow) C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe (Blue Byte GmbH)
FirewallRules: [UDP Query User{9293AADF-43E1-4D71-9FB0-88247235307D}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe] => (Allow) C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe (Blue Byte GmbH)
FirewallRules: [{A215A324-37FF-4595-996D-1348A8FEC10E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{E32948F0-4FAD-4704-B9AA-C7BA6B1142E3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{3B764539-BF20-4835-A39E-598AF9CEF614}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive)
FirewallRules: [{A853CB92-E45C-46B8-A6D6-EB21004E08EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive)
FirewallRules: [{58C31393-E9DF-43D0-83FA-2DC53CB24324}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{14F66FEA-611F-49B1-957B-3F7353E1C26D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{F0E7DB56-AD76-4858-9069-06D0FF5B387E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe ()
FirewallRules: [{2EF7B2EA-1A8D-49D6-9EC0-C5F5C2E8BE2D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe ()
FirewallRules: [{F3657BD6-5E02-4A9B-AAFB-8BC8A5485B06}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe ()
FirewallRules: [{70F4E1CE-8B97-47D0-BA3F-181AB0098393}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe ()
FirewallRules: [{DE4AB790-4C40-4417-98AE-F8FA9164A0C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe (Paradox Interactive)
FirewallRules: [{3D136507-38B0-4AAA-9675-8B60E3A49C03}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe (Paradox Interactive)
FirewallRules: [{DFCF60D1-B8D5-4B8E-B0AE-20A68292D725}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{74869600-35E5-4379-A1D6-3CD72BB9C925}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{8DE35911-A6FC-4EA2-997B-5071F5BE7E98}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)

==================== Wiederherstellungspunkte =========================

13-12-2018 14:26:13 Windows Update
16-12-2018 17:59:56 Installiert WISO steuer:Sparbuch 2019
20-12-2018 14:36:14 Windows Update
03-01-2019 23:38:34 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/05/2019 02:26:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamtray.exe, Version: 3.1.0.1662, Zeitstempel: 0x5c070ada
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18895, Zeitstempel: 0x5a4b127e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009d4e2
ID des fehlerhaften Prozesses: 0x1190
Startzeit der fehlerhaften Anwendung: 0x01d4a4fa41ab8056
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Pfad des fehlerhaften Moduls: KERNELBASE.dll
Berichtskennung: 888b9e5f-10ed-11e9-8138-bc5ff47694e7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/03/2019 11:40:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 4.83.53.91 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 980

Startzeit: 01d4a3b2ea85c727

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 91353099-0fa8-11e9-8132-bc5ff47694e7

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/03/2019 11:38:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/03/2019 11:14:09 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:14:09Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:13:39 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:13:39Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:13:09 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:13:09Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:12:39 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:12:39Z. Fehlercode: 0x80040154.

Error: (01/03/2019 11:12:09 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:12:09Z. Fehlercode: 0x80040154.


Systemfehler:
=============
Error: (01/05/2019 02:25:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (01/05/2019 02:24:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/05/2019 02:00:26 PM) (Source: DCOM) (EventID: 10010) (User: DJ)
Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (01/04/2019 11:40:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2019 11:29:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (01/04/2019 11:28:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/04/2019 11:10:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (01/04/2019 11:08:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


Windows Defender:
===================================
Date: 2013-03-08 12:48:06.137
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {CE77E50C-6F4F-4C63-B1C2-181706E9A2C7}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2013-02-02 17:16:31.827
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {6D0A8998-6BEF-48F9-A25D-8B839C367F24}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2013-01-05 00:12:33.150
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {02CC17D8-2F71-49EB-8574-410B230987B5}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2016-10-07 16:44:03.697
Description:
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Sicherung
Fehlercode: 0x80073aba
Fehlerbeschreibung: Die Ressource ist zu alt und daher nicht mehr kompatibel.
Signaturversion: 1.147.1246.0;1.147.1246.0
Modulversion: 1.1.9302.0

Date: 2016-10-07 16:44:01.825
Description:
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Aktuell
Fehlercode: 0x80073aba
Fehlerbeschreibung: Die Ressource ist zu alt und daher nicht mehr kompatibel.
Signaturversion: 1.147.1631.0;1.147.1631.0
Modulversion: 1.1.9302.0

Date: 2013-04-11 21:40:15.013
Description:
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.1246.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Date: 2013-04-11 21:40:15.013
Description:
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.1246.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Date: 2013-04-11 21:40:15.013
Description:
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.1246.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

==================== Speicherinformationen ===========================

Prozessor: AMD A10-5800K APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 29%
Installierter physikalischer RAM: 8146.26 MB
Verfügbarer physikalischer RAM: 5714.35 MB
Summe virtueller Speicher: 10002.26 MB
Verfügbarer virtueller Speicher: 7371.32 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:1667.7 GB) (Free:917.9 GB) NTFS
Drive d: (Daten) (Fixed) (Total:97.31 GB) (Free:92.59 GB) NTFS

\\?\Volume{95d81160-523f-11e2-be65-806e6f6e6963}\ (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B3AEF03F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=06)
Partition 4: (Not Active) - (Size=1667.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

M-K-D-B 05.01.2019 20:05
Die fixlog.txt von Schritt 1 ist unvollständig.

Bitte nochmal vollständig posten.

dirk_92 05.01.2019 23:46
oh, sorry...
Hier nochmal die vollständige fixlog.txt von Schritt 1:
Code:
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01.01.2019
durchgeführt von Admin (05-01-2019 14:23:46) Run:1
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin & Fee-Jonas & Dirk (Verfügbare Profile: Admin & Fee-Jonas & Dirk)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Hosts: 0.0.0.1        mssplus.mcafee.com
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://startpage.com/
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1220723716-4126832292-3965305388-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  Keine Datei
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64; C:\WINDOWS\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64.sys [44688 2014-09-19] (StdLib)
Task: {68D72534-72E8-46D6-989F-F78C44CED384} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
CMD: dir "C:\"
CMD: dir "%systemprofile%\users"
CMD: dir /AH "%SYSTEMDRIVE%\users"
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
CMD: ipconfig /flushdns
CMD: netsh winsock reset
RemoveProxy:
EmptyTemp:

*****************

C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => nicht gefunden
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => erfolgreich entfernt
HKLM\Software\Wow6432Node\Classes\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => nicht gefunden
"HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => erfolgreich entfernt
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => nicht gefunden
"HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => nicht gefunden
{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w64 => Dienst nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68D72534-72E8-46D6-989F-F78C44CED384}" => erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68D72534-72E8-46D6-989F-F78C44CED384}" => erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => erfolgreich entfernt

========= dir "%ProgramFiles%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5073-77D9

 Verzeichnis von C:\Program Files

04.01.2019  23:16    <DIR>          .
04.01.2019  23:16    <DIR>          ..
22.08.2014  16:22    <DIR>          7-Zip
25.10.2016  21:32    <DIR>          AMD
28.03.2016  23:41    <DIR>          AVAST Software
10.09.2018  14:44    <DIR>          CCleaner
08.12.2017  18:43    <DIR>          Common Files
28.08.2013  00:15    <DIR>          Covus Freemium
25.09.2016  13:48    <DIR>          DIFX
15.04.2013  15:59    <DIR>          Ghostgum
15.04.2013  15:55    <DIR>          gs
20.11.2018  00:44    <DIR>          Internet Explorer
19.05.2018  12:58    <DIR>          KeyboardNotification
04.01.2019  23:16    <DIR>          Malwarebytes
13.12.2018  11:42    <DIR>          McAfee Security Scan
15.04.2013  16:28    <DIR>          Microsoft Analysis Services
12.09.2017  20:46    <DIR>          Microsoft Lync
15.04.2013  16:31    <DIR>          Microsoft Office
17.06.2017  17:00    <DIR>          Microsoft Silverlight
15.04.2013  16:31    <DIR>          Microsoft SQL Server Compact Edition
15.04.2013  16:31    <DIR>          Microsoft Sync Framework
15.04.2013  16:31    <DIR>          Microsoft Synchronization Services
24.10.2016  22:18    <DIR>          MSBuild
30.04.2013  18:45    <DIR>          PDF Split And Merge Basic
24.10.2016  22:18    <DIR>          Reference Assemblies
07.10.2015  11:07    <DIR>          ReviverSoft
18.12.2015  11:02    <DIR>          Rockstar Games
01.02.2013  19:29    <DIR>          s3pe
15.04.2013  16:59    <DIR>          TeXnicCenter
14.04.2017  23:17    <DIR>          Windows Defender
24.10.2016  22:21    <DIR>          Windows Journal
24.10.2016  22:25    <DIR>          Windows Mail
15.10.2018  22:49    <DIR>          Windows Media Player
21.11.2014  12:08    <DIR>          Windows Multimedia Platform
24.10.2016  22:38    <DIR>          Windows NT
24.10.2016  22:25    <DIR>          Windows Photo Viewer
21.11.2014  12:08    <DIR>          Windows Portable Devices
21.11.2014  12:07    <DIR>          WindowsPowerShell
11.01.2015  20:33    <DIR>          WinRAR
              0 Datei(en),              0 Bytes
              39 Verzeichnis(se), 986.665.340.928 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramFiles(x86)%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5073-77D9

 Verzeichnis von C:\Program Files (x86)

04.01.2019  23:37    <DIR>          .
04.01.2019  23:37    <DIR>          ..
15.04.2013  16:02    <DIR>          Adobe
25.10.2016  21:20    <DIR>          AMD
22.08.2015  17:04    <DIR>          Atari
04.01.2019  23:37    <DIR>          AVAST Software
03.02.2016  10:48    <DIR>          Battle.net
24.06.2013  19:49    <DIR>          Cisco
25.10.2016  19:50    <DIR>          Common Files
28.11.2015  12:07    <DIR>          Diablo III
10.02.2017  19:09    <DIR>          GameSpy Arcade
25.10.2018  15:39    <DIR>          Google
28.11.2015  10:31    <DIR>          Hearthstone
03.06.2013  14:49    <DIR>          Inkscape
20.11.2018  00:44    <DIR>          Internet Explorer
09.09.2013  22:50    <DIR>          JabRef
22.08.2014  16:22    <DIR>          Java
28.12.2017  17:21    <DIR>          KODAK Create@Home Software (fr dm)
30.09.2018  14:20    <DIR>          Microsoft
15.04.2013  16:28    <DIR>          Microsoft Analysis Services
14.02.2015  07:54    <DIR>          Microsoft Device Health
12.09.2017  20:46    <DIR>          Microsoft Lync
15.04.2013  16:28    <DIR>          Microsoft Office
17.06.2017  17:00    <DIR>          Microsoft Silverlight
15.04.2013  16:39    <DIR>          Microsoft SQL Server
15.04.2013  16:28    <DIR>          Microsoft Visual Studio 8
30.12.2012  13:41    <DIR>          Microsoft WSE
13.03.2016  19:48    <DIR>          Microsoft XNA
24.10.2016  22:21    <DIR>          Microsoft.NET
15.04.2013  15:49    <DIR>          MiKTeX 2.9
16.12.2018  15:18    <DIR>          Mozilla Firefox
16.12.2018  15:18    <DIR>          Mozilla Maintenance Service
24.10.2016  22:24    <DIR>          MSBuild
03.02.2016  22:15    <DIR>          Notepad++
15.04.2013  16:37    <DIR>          OCSetup
18.12.2018  18:47    <DIR>          Origin
03.07.2018  18:04    <DIR>          Origin Games
11.01.2015  12:09    <DIR>          Paradox Interactive
06.03.2016  18:38    <DIR>          Raptr Inc
24.10.2016  22:18    <DIR>          Reference Assemblies
18.12.2015  11:02    <DIR>          Rockstar Games
30.10.2013  17:44    <DIR>          Rovio
29.09.2013  11:45    <DIR>          Rovio Entertainment Ltd
24.10.2016  19:30    <DIR>          Skype
03.06.2013  15:20    <DIR>          SomePDF
28.11.2015  11:22    <DIR>          StarCraft II
05.01.2019  10:50    <DIR>          Steam
10.05.2015  14:55    <DIR>          TeamSpeak 3 Client
22.07.2013  23:32    <DIR>          Ubisoft
02.01.2013  13:42    <DIR>          VideoLAN
25.10.2016  21:21    <DIR>          VulkanRT
28.11.2015  10:25    <DIR>          WestwoodOnline
14.04.2017  23:17    <DIR>          Windows Defender
24.10.2016  22:25    <DIR>          Windows Mail
15.10.2018  22:49    <DIR>          Windows Media Player
21.11.2014  12:07    <DIR>          Windows Multimedia Platform
22.08.2013  16:36    <DIR>          Windows NT
24.10.2016  22:25    <DIR>          Windows Photo Viewer
21.11.2014  12:07    <DIR>          Windows Portable Devices
22.08.2013  16:36    <DIR>          WindowsPowerShell
16.12.2018  18:00    <DIR>          WISO
              0 Datei(en),              0 Bytes
              61 Verzeichnis(se), 986.665.271.296 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramData%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5073-77D9

 Verzeichnis von C:\ProgramData

15.03.2015  14:18    <DIR>          .mono
15.04.2013  17:09    <DIR>          Adobe
07.10.2015  11:22    <DIR>          Ashampoo
25.10.2016  21:30    <DIR>          ATI
05.05.2018  05:57    <DIR>          AVAST Software
30.12.2012  00:14    <DIR>          Battle.net
12.04.2013  17:26    <DIR>          Blizzard Entertainment
16.12.2018  17:55    <DIR>          Buhl Data Service GmbH
24.06.2013  19:49    <DIR>          Cisco
20.09.2014  17:32    <DIR>          CyberLink
22.10.2016  18:30    <DIR>          DeviceHealth
22.07.2013  18:38    <DIR>          DriverGenius
31.12.2012  00:21    <DIR>          EA Core
24.06.2013  09:59    <DIR>          EA Logs
09.03.2013  01:05    <DIR>          Electronic Arts
10.02.2017  19:10    <DIR>          Firefly Studios
01.01.2014  21:01    <DIR>          install_clap
04.01.2019  23:16    <DIR>          Malwarebytes
28.06.2018  15:36    <DIR>          McAfee
27.12.2018  17:03    <DIR>          McAfee Security Scan
04.01.2019  23:07    <DIR>          Microsoft Help
15.04.2013  15:49    <DIR>          MiKTeX
29.12.2012  23:44    <DIR>          Mozilla
08.06.2014  15:55    <DIR>          Oracle
18.12.2018  18:47    <DIR>          Origin
14.05.2018  12:29    <DIR>          Package Cache
01.01.2014  21:04    <DIR>          PDVD
24.03.2013  11:40    <DIR>          PopCap Games
24.10.2016  22:21    <DIR>          PRICache
21.11.2014  12:07    <DIR>          regid.1991-06.com.microsoft
24.10.2016  19:30    <DIR>          Skype
22.07.2013  23:49    <DIR>          Solidshield
30.04.2013  18:46    <DIR>          Sun
01.01.2014  21:02    <DIR>          Temp
19.06.2014  21:17    <DIR>          Thunder Network
06.11.2013  21:10    <DIR>          WebEx
              0 Datei(en),              0 Bytes
              36 Verzeichnis(se), 986.665.156.608 Bytes frei

========= Ende von CMD: =========


========= dir "%Appdata%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5073-77D9

 Verzeichnis von C:\Users\Admin\AppData\Roaming

16.12.2018  18:05    <DIR>          .
16.12.2018  18:05    <DIR>          ..
15.04.2013  17:01    <DIR>          Adobe
07.10.2015  11:22    <DIR>          Ashampoo
25.10.2016  21:30    <DIR>          ATI
12.01.2014  12:57    <DIR>          AVAST Software
13.04.2014  12:58            1.078 base64.cer
16.12.2018  18:05    <DIR>          Buhl
18.05.2014  14:26    <DIR>          Buhl Data Service
12.01.2014  12:57    <DIR>          CyberLink
02.01.2013  13:43    <DIR>          dvdcss
28.08.2013  00:09    <DIR>          Easeware
24.10.2016  19:54    <DIR>          Factorio
24.10.2016  19:55    <DIR>          FiraxisLive
24.10.2016  22:39    <DIR>          Identities
28.08.2013  00:13    <DIR>          inkscape
22.08.2015  17:05    <DIR>          Leadertech
28.11.2015  00:24    <DIR>          library_dir
04.03.2013  01:50    <DIR>          Macromedia
15.04.2013  17:01    <DIR>          MiKTeX
04.01.2019  23:40    <DIR>          Mozilla
14.12.2018  16:08    <DIR>          Notepad++
03.07.2017  09:20    <DIR>          Origin
24.10.2016  19:20    <DIR>          PlaysTV
05.01.2019  14:21    <DIR>          Raptr
22.07.2013  18:22    <DIR>          Rovio
24.10.2016  19:31    <DIR>          Skype
24.10.2016  19:54    <DIR>          StardewValley
20.09.2014  17:11    <DIR>          TaobaoProtect
07.10.2015  12:16    <DIR>          TS3Client
22.07.2013  23:36    <DIR>          Ubisoft
07.09.2013  00:04    <DIR>          vlc
24.10.2016  19:52    <DIR>          Wargaming.net
24.10.2016  20:48                46 WB.CFG
28.08.2013  00:20    <DIR>          WinBatch
02.02.2013  21:24    <DIR>          WinRAR
              2 Datei(en),          1.124 Bytes
              34 Verzeichnis(se), 986.665.103.360 Bytes frei

========= Ende von CMD: =========


========= dir "%LocalAppdata%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5073-77D9

 Verzeichnis von C:\Users\Admin\AppData\Local

04.01.2019  23:37    <DIR>          .
04.01.2019  23:37    <DIR>          ..
03.07.2015  06:56    <DIR>          Adobe
16.10.2017  20:20    <DIR>          Amazon Music
16.12.2018  18:05    <DIR>          AMD
24.10.2016  19:20    <DIR>          AppEx Networks
25.10.2016  21:30    <DIR>          ATI
04.01.2019  23:37    <DIR>          AVAST Software
16.12.2018  18:05    <DIR>          Buhl
18.05.2014  14:26    <DIR>          Buhl Data Service
13.12.2015  15:04    <DIR>          CEF
12.01.2014  12:57    <DIR>          Cyberlink SoftDMA
16.02.2013  22:52    <DIR>          ElevatedDiagnostics
22.08.2014  16:19    <DIR>          Google
04.03.2013  01:50    <DIR>          Macromedia
04.01.2019  23:37    <DIR>          mbamtray
01.01.2014  21:03    <DIR>          MediaServer
25.10.2016  19:45    <DIR>          Microsoft
15.04.2013  16:28    <DIR>          Microsoft Help
15.04.2013  17:01    <DIR>          MiKTeX
12.01.2014  12:55    <DIR>          Mozilla
14.12.2018  16:08    <DIR>          Notepad++
03.07.2017  08:49    <DIR>          Origin
25.10.2016  18:57    <DIR>          Packages
14.09.2014  16:48    <DIR>          Programs
03.06.2013  15:18            1.244 recently-used.xbel
24.10.2016  19:54    <DIR>          Steam
05.01.2019  14:21    <DIR>          Temp
13.12.2015  15:04    <DIR>          Ubisoft Game Launcher
30.12.2012  06:19    <DIR>          VirtualStore
16.12.2018  18:05    <DIR>          wmain19
              1 Datei(en),          1.244 Bytes
              30 Verzeichnis(se), 986.665.037.824 Bytes frei

========= Ende von CMD: =========


========= dir "%CommonProgramFiles(x86)%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5073-77D9

 Verzeichnis von C:\Program Files (x86)\Common Files

25.10.2016  19:50    <DIR>          .
25.10.2016  19:50    <DIR>          ..
15.04.2013  16:02    <DIR>          Adobe
13.04.2017  20:22    <DIR>          AV
22.07.2014  17:01    <DIR>          Blizzard Entertainment
28.08.2013  00:21    <DIR>          InstallShield
22.08.2014  16:22    <DIR>          Java
24.10.2016  22:21    <DIR>          Microsoft Shared
22.08.2013  16:36    <DIR>          Services
24.10.2016  19:30    <DIR>          Skype
30.11.2018  10:19    <DIR>          Steam
24.10.2016  22:25    <DIR>          System
              0 Datei(en),              0 Bytes
              12 Verzeichnis(se), 986.664.968.192 Bytes frei

========= Ende von CMD: =========


========= dir "%CommonProgramW6432%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5073-77D9

 Verzeichnis von C:\Program Files\Common Files

08.12.2017  18:43    <DIR>          .
08.12.2017  18:43    <DIR>          ..
25.10.2016  21:01    <DIR>          ATI Technologies
12.06.2018  22:30    <DIR>          AV
08.12.2017  18:43    <DIR>          avast software
29.05.2014  22:52    <DIR>          DESIGNER
12.07.2018  23:23    <DIR>          microsoft shared
22.08.2013  16:36    <DIR>          Services
13.04.2017  17:07    <DIR>          System
              0 Datei(en),              0 Bytes
              9 Verzeichnis(se), 986.664.906.752 Bytes frei

========= Ende von CMD: =========


========= dir "%UserProfile%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5073-77D9

 Verzeichnis von C:\Users\Admin

30.06.2018  08:08    <DIR>          .
30.06.2018  08:08    <DIR>          ..
19.06.2014  21:17    <DIR>          .android
03.07.2017  08:49    <DIR>          .Origin
03.07.2017  08:49    <DIR>          .QtWebEngineProcess
04.01.2019  22:10    <DIR>          Contacts
05.01.2019  14:23    <DIR>          Desktop
04.01.2019  22:10    <DIR>          Documents
04.01.2019  22:10    <DIR>          Downloads
04.01.2019  22:10    <DIR>          Favorites
03.06.2013  15:01            11.163 gsview64.ini
04.01.2019  22:10    <DIR>          Links
04.01.2019  22:10    <DIR>          Music
04.01.2019  22:10    <DIR>          Pictures
04.01.2019  22:10    <DIR>          Saved Games
04.01.2019  22:10    <DIR>          Searches
22.08.2014  16:19    <DIR>          Tracing
04.01.2019  22:10    <DIR>          Videos
              1 Datei(en),        11.163 Bytes
              17 Verzeichnis(se), 986.664.853.504 Bytes frei

========= Ende von CMD: =========


========= dir "C:\" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5073-77D9

 Verzeichnis von C:\

13.08.2015  09:07    <DIR>          18355ca080e941cf57
12.11.2015  16:54    <DIR>          32d823889cc5995892e433
31.07.2015  21:43    <DIR>          5be9ce3891a76cf91bdcd56c
13.03.2016  19:47    <DIR>          a01938e1b666fbf35c
11.12.2015  22:13    <DIR>          aafaf5bf79b40fb61ac3bd
25.09.2016  13:47    <DIR>          adb
03.06.2013  11:27    <DIR>          ado
04.01.2019  23:08    <DIR>          AdwCleaner
13.04.2014  20:02    <DIR>          alipay
25.10.2016  21:28    <DIR>          AMD
15.04.2013  16:39    <DIR>          BcmSqlSetup
28.12.2017  20:49    <DIR>          Dateien
05.01.2019  14:24    <DIR>          FRST
02.11.2015  11:28              383 ftconfig.ini
05.08.2014  21:39    <DIR>          Games
29.05.2014  22:19    <DIR>          history
22.08.2013  16:22    <DIR>          PerfLogs
04.01.2019  23:16    <DIR>          Program Files
04.01.2019  23:37    <DIR>          Program Files (x86)
24.10.2016  22:11    <DIR>          Recovery
30.04.2013  21:24    <DIR>          sources
22.08.2014  16:09    <DIR>          Sun
22.04.2017  06:56    <DIR>          temp
19.01.2014  11:34                0 tempsetup.exe
24.10.2016  22:21    <DIR>          Users
04.01.2019  23:39    <DIR>          Windows
17.01.2015  09:41    <DIR>          Xiaomi
              2 Datei(en),            383 Bytes
              25 Verzeichnis(se), 986.664.771.584 Bytes frei

========= Ende von CMD: =========


========= dir "%systemprofile%\users" =========

Das System kann die angegebene Datei nicht finden.

========= Ende von CMD: =========


========= dir /AH "%SYSTEMDRIVE%\users" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 5073-77D9

 Verzeichnis von C:\users

22.08.2013  15:45    <SYMLINKD>    All Users [C:\ProgramData]
24.10.2016  22:38    <DIR>          Default
22.08.2013  15:45    <JUNCTION>    Default User [C:\Users\Default]
22.08.2013  16:34              174 desktop.ini
              1 Datei(en),            174 Bytes
              3 Verzeichnis(se), 986.664.640.512 Bytes frei

========= Ende von CMD: =========

================== ExportKey: ===================

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths]

=== Ende von ExportKey ===

========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-1220723716-4126832292-3965305388-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-1220723716-4126832292-3965305388-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5292977 B
Java, Flash, Steam htmlcache => 28781681 B
Windows/system/drivers => 460660 B
Edge => 0 B
Chrome => 0 B
Firefox => 20912385 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 16082 B
NetworkService => 0 B
Admin => 13100845 B
Fee-Jonas => 10840631 B
Dirk => 32342 B

RecycleBin => 0 B
EmptyTemp: => 83.8 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 14:24:16 ====

M-K-D-B 06.01.2019 14:04
Servus,





Hinweis: Der Suchlauf mit ESET kann länger ( >> 2 Stunden) dauern.





Schritt 1
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    Start::
    DeleteKey: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Astromenda Browser
    DeleteKey: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
    DeleteValue: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.htm\OpenWithProgids|AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
    DeleteValue: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.html\OpenWithProgids|AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
    DeleteValue: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.shtml\OpenWithProgids|AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
    DeleteValue: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.webp\OpenWithProgids|AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
    DeleteValue: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.xht\OpenWithProgids|AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
    DeleteValue: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.xhtml\OpenWithProgids|AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
    Reboot:
    End::
  • Starte nun FRST und klicke direkt den Entfernen Button. Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
  • Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.







Schritt 2
Bitte lade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro 32-Bit | HitmanPro 64-Bit
  • Starte die HitmanPro.exe.
  • Klicke auf Einstellungen.
  • Entferne den Haken bei Nach Tracking-Cookies suchen und bestätige mit OK.
  • Klicke auf Weiter.
  • Akzeptiere die Lizenzbedingungen und klicke auf Weiter.
  • Wähle Nein, ich möchte nur einen Einmalscan zur Überprüfung des Computers ausführen.
  • Entferne den Haken bei Bitte informieren Sie mich per E-Mail... und klicke auf Weiter.
  • Sobald der Scan beendet wurde, NICHTS löschen lassen, sondern wähle unten links auf der Button-Leiste Logdatei speichern.
  • Speichere die Logdatei auf deinem Desktop ab und schließe HitmanPro wieder.
  • Poste mir den Inhalt der Logdatei mit dieser nächsten Antwort.







Schritt 3
Downloade Dir bitte ESET Online Scanner (Bebilderte Anleitung)
  • Starte die Installationsdatei.
  • Klicke auf Erste Schritte und akzeptiere die Nutzungsbedingungen.
  • Klicke wiederrum auf Erste Schritte, wähle die empfohlenen Einstellungen aus und klicke auf Weiter.
  • Wähle einen Vollständigen Scan aus, aktiviere die Erkennung von potentiell unerwünschten Anwendungen und klicke auf Prüfung starten.
  • Zuerst werden die notwendigen Module und Signaturen heruntergeladen, anschließend startet der Suchlauf automatisch.
  • Klicke am Ende des Suchlaufs zuerst auf Weiter. Im Scan-Bericht werden gegebenenfalls die gefundenen Elemente aufgelistet, klicke hier auf Scan-Log speichern und speichere das Ergebnis als eset.txt auf deinem Desktop ab.
  • Klicke immer auf Weiter und beende ESET mit Ohne Feedback schließen.







Schritt 4
  • Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.







http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC oder mit deinen Internet Browsern? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.

dirk_92 06.01.2019 22:41
Update
 
Hallo Matthias,

anbei die Ergebnisse der aktuellen Schritte:
1) Fixlog
Code:
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 06.01.2019
durchgeführt von Admin (06-01-2019 19:32:32) Run:2
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin & Fee-Jonas (Verfügbare Profile: Admin & Fee-Jonas & Dirk)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
DeleteKey: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Astromenda Browser
DeleteKey: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
DeleteValue: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.htm\OpenWithProgids|AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
DeleteValue: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.html\OpenWithProgids|AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
DeleteValue: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.shtml\OpenWithProgids|AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
DeleteValue: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.webp\OpenWithProgids|AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
DeleteValue: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.xht\OpenWithProgids|AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
DeleteValue: HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.xhtml\OpenWithProgids|AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6
Reboot:

*****************

HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Astromenda Browser => erfolgreich entfernt
HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6 => erfolgreich entfernt
"HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.htm\OpenWithProgids\\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6" => erfolgreich entfernt
"HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.html\OpenWithProgids\\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6" => erfolgreich entfernt
"HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.shtml\OpenWithProgids\\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6" => erfolgreich entfernt
"HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.webp\OpenWithProgids\\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6" => erfolgreich entfernt
"HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.xht\OpenWithProgids\\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6" => erfolgreich entfernt
"HKEY_USERS\S-1-5-21-1220723716-4126832292-3965305388-1001\Software\Classes\.xhtml\OpenWithProgids\\AstromendaHTML.SGL7CS2EH4SH4GVUGU6GZPH6" => erfolgreich entfernt


Das System musste neu gestartet werden.

==== Ende von Fixlog 19:32:32 ====
2. HitmanPro

Code:

       
Code:

       
HitmanPro 3.8.0.295
www.hitmanpro.com

   Computer name . . . . : DJ
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DJ\Admin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2019-01-06 19:37:19
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 53s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 8

   Objects scanned . . . : 2.380.824
   Files scanned . . . . : 72.871
   Remnants scanned  . . : 939.751 files / 1.368.202 keys

Suspicious files ____________________________________________________________

   C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4SEMWURO\FRST64[1].exe
      Size . . . . . . . : 2.425.856 bytes
      Age  . . . . . . . : 0.0 days (2019-01-06 19:32:24)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 34C53F857EB4E3CA9F3AED1CC1EED81FE483F65601C0D29103C1217231547584
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -2.9s C:\Windows\System32\wdi\{9f41811a-0429-42aa-81b7-cfd4d968411f}\{c543856a-8fe9-4772-902f-ed03e95d5fc5}\
         -2.9s C:\Windows\System32\wdi\{9f41811a-0429-42aa-81b7-cfd4d968411f}\{c543856a-8fe9-4772-902f-ed03e95d5fc5}\snapshot.etl
         -2.8s C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6UWNS4YN\82[1].htm
         -2.5s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
         -2.5s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
         -1.4s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
         -1.4s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
         -0.7s C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6UWNS4YN\82[2].htm
         -0.7s C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\QPE3GFL1.txt
         -0.4s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -0.4s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -0.3s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
         -0.3s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
          0.0s C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4SEMWURO\FRST64[1].exe
          0.0s C:\Users\Admin\Desktop\FRST64.exe
          0.6s C:\Users\Admin\Desktop\FRST-OlderVersion\
          4.9s C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K78QIIF0\up64[1]
          8.4s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.385.gthr
          8.4s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.385.Crwl
         10.6s C:\FRST\Logs\Fixlog_06-01-2019 19.32.34.txt
         11.1s C:\Users\Fee-Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ab7i6cer.default-1542570698166\sessionCheckpoints.json
         11.9s C:\Users\Fee-Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ab7i6cer.default-1542570698166\prefs.js
         12.9s C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\datareporting\archived\2019-01\1546799557035.f08af99d-e54b-4f82-842e-adf8d22131b6.main.jsonlz4
         13.2s C:\Users\Fee-Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ab7i6cer.default-1542570698166\datareporting\archived\2019-01\1546799557326.d28f8db0-b703-47b8-8e90-cc945dec5322.main.jsonlz4

   C:\Users\Admin\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.426.368 bytes
      Age  . . . . . . . : 1.9 days (2019-01-04 22:19:16)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 2555A6FE29C0A9107F6CF439CF6825A400A1FCE35C12241A94BF47DCEB8A335A
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Admin\Desktop\FRST64.exe
      Size . . . . . . . : 2.425.856 bytes
      Age  . . . . . . . : 0.0 days (2019-01-06 19:32:24)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 34C53F857EB4E3CA9F3AED1CC1EED81FE483F65601C0D29103C1217231547584
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -2.9s C:\Windows\System32\wdi\{9f41811a-0429-42aa-81b7-cfd4d968411f}\{c543856a-8fe9-4772-902f-ed03e95d5fc5}\
         -2.9s C:\Windows\System32\wdi\{9f41811a-0429-42aa-81b7-cfd4d968411f}\{c543856a-8fe9-4772-902f-ed03e95d5fc5}\snapshot.etl
         -2.8s C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6UWNS4YN\82[1].htm
         -2.5s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
         -2.5s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
         -1.4s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
         -1.4s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
         -0.7s C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6UWNS4YN\82[2].htm
         -0.7s C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\QPE3GFL1.txt
         -0.4s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -0.4s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -0.3s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
         -0.3s C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
         -0.0s C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4SEMWURO\FRST64[1].exe
          0.0s C:\Users\Admin\Desktop\FRST64.exe
          0.6s C:\Users\Admin\Desktop\FRST-OlderVersion\
          4.9s C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K78QIIF0\up64[1]
          8.4s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.385.gthr
          8.4s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.385.Crwl
         10.6s C:\FRST\Logs\Fixlog_06-01-2019 19.32.34.txt
         11.1s C:\Users\Fee-Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ab7i6cer.default-1542570698166\sessionCheckpoints.json
         11.9s C:\Users\Fee-Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ab7i6cer.default-1542570698166\prefs.js
         12.9s C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\datareporting\archived\2019-01\1546799557035.f08af99d-e54b-4f82-842e-adf8d22131b6.main.jsonlz4
         13.2s C:\Users\Fee-Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\ab7i6cer.default-1542570698166\datareporting\archived\2019-01\1546799557326.d28f8db0-b703-47b8-8e90-cc945dec5322.main.jsonlz4

   C:\Users\Fee-Jonas\Desktop\FRST64.exe
      Size . . . . . . . : 2.426.368 bytes
      Age  . . . . . . . : 1.9 days (2019-01-04 22:01:13)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 2555A6FE29C0A9107F6CF439CF6825A400A1FCE35C12241A94BF47DCEB8A335A
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   C:\Program Files\ReviverSoft\ (ReviverSoft)
   HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine.1.0\ (BoxoreOU)
   HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine\ (BoxoreOU)
   HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ (CertifiedToolbar)

3) Eset:
Der Report ist ja relativ unaussagekräftig, die gesäuberten Bedrohungen waren aber Dateien, die durch den adw cleaner in Quarantäne gepackt wurden und eine Windows-dll (? - bin mir nicht mehr 100% sicher).
Code:
06.01.2019 22:31:56
Geprüfte Dateien: 594273
Infizierte Dateien: 9
Gesäuberte Bedrohungen: 9
Prüfdauer gesamt 02:23:58
Prüfstatus: Abgeschlossen

dirk_92 06.01.2019 22:45
Update - Teil2
 
und hier noch die FRST:


FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 06.01.2019
durchgeführt von Admin (Administrator) auf DJ (06-01-2019 22:34:13)
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin & Fee-Jonas & Dirk (Verfügbare Profile: Admin & Fee-Jonas & Dirk)
Platform: Windows 8.1 Pro (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-10-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-04] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12120104 2017-08-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-04] (AVAST Software)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3113768 2018-12-04] (Electronic Arts)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Run: [AvastBrowserAutoLaunch_1088872FC4C2207C6D62AF0E8871CAAC] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1827112 2018-12-04] (AVAST Software)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3113768 2018-12-04] (Electronic Arts)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [Amazon Music] => C:\Users\Fee-Jonas\AppData\Local\Amazon Music\Amazon Music.exe [23183848 2017-09-19] (Amazon Services LLC)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [MiPhoneManager] => C:\Users\Fee-Jonas\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [449464 2016-04-07] ()
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [Amazon Music Helper] => C:\Users\Fee-Jonas\AppData\Local\Amazon Music\Amazon Music Helper.exe [3977704 2017-09-19] (Amazon Services LLC)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49803112 2018-09-21] (Skype Technologies S.A.)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd)
HKU\S-1-5-21-1220723716-4126832292-3965305388-1115\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2011-02-18] (On2.com)
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2011-02-18] (On2.com)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [186368 2014-11-21] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\70.1.973.110\Installer\chrmstp.exe [2019-01-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-12-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-05-18]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Fee-Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2016-12-21]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{E84189D4-3B18-4181-AC1D-0B9941A551E5}: [DhcpNameServer] 192.168.0.1 192.168.0.2

Internet Explorer:
==================
HKU\S-1-5-21-1220723716-4126832292-3965305388-1115\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-11-03] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-22] (Oracle Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc.cab

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default [2019-01-06]
FF Homepage: Mozilla\Firefox\Profiles\e1j5k7a3.default -> hxxps://startpage.com
FF NewTab: Mozilla\Firefox\Profiles\e1j5k7a3.default -> hxxps://startpage.com
FF Extension: (Avast Online Security) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e1j5k7a3.default\Extensions\wrc@avast.com.xpi [2019-01-04]
FF HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1220723716-4126832292-3965305388-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2018-12-29] ()

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-10-17] (Advanced Micro Devices) [Datei ist nicht signiert]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-04] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-01-04] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-04] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-01-04] (AVAST Software)
R2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [196760 2015-01-30] (Microsoft Corporation)
R2 DeviceHealthPluginMgr; C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe [244376 2015-01-30] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.895\McCHSvc.exe [405392 2018-12-11] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2270528 2018-12-04] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3131208 2018-12-04] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176632 2018-05-14] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305544 2016-10-18] (Advanced Micro Devices)
R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37304 2019-01-04] (AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [203488 2019-01-04] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [220688 2019-01-04] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196264 2019-01-04] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320888 2019-01-04] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58160 2019-01-04] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239808 2019-01-04] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46584 2019-01-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42488 2019-01-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166472 2019-01-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111992 2019-01-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88144 2019-01-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034056 2019-01-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474648 2019-01-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [218056 2019-01-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380144 2019-01-04] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-01-06] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-01-06] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-06] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-01-06] (Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\system32\DRIVERS\vpnva64-6.sys [50128 2012-12-10] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-01-06 22:32 - 2019-01-06 22:32 - 000000302 _____ C:\Users\Admin\Desktop\eset.txt
2019-01-06 19:49 - 2019-01-06 19:49 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2019-01-06 19:48 - 2019-01-06 19:48 - 007667832 _____ (ESET spol. s r.o.) C:\Users\Admin\Downloads\esetonlinescanner_deu.exe
2019-01-06 19:36 - 2019-01-06 19:47 - 000000000 ____D C:\ProgramData\HitmanPro
2019-01-06 19:36 - 2019-01-06 19:36 - 011576808 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro_x64.exe
2019-01-06 19:34 - 2019-01-06 19:34 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-06 19:34 - 2019-01-06 19:34 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-01-06 19:34 - 2019-01-06 19:34 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-01-06 19:34 - 2019-01-06 19:34 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-01-06 19:32 - 2019-01-06 19:32 - 000000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion
2019-01-05 14:47 - 2019-01-04 23:36 - 000007926 _____ C:\Users\Admin\Desktop\mbam.txt
2019-01-05 14:43 - 2019-01-05 14:43 - 000075195 _____ C:\Users\Admin\Desktop\Addition_3.txt
2019-01-05 14:42 - 2019-01-06 22:34 - 000019760 _____ C:\Users\Admin\Desktop\FRST.txt
2019-01-05 14:42 - 2019-01-05 14:43 - 000037124 _____ C:\Users\Admin\Desktop\FRST_3.txt
2019-01-05 14:28 - 2019-01-05 14:40 - 000008982 _____ C:\Users\Admin\Desktop\Search.txt
2019-01-05 14:27 - 2019-01-06 19:36 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2019-01-05 14:23 - 2019-01-06 19:32 - 000002846 _____ C:\Users\Admin\Desktop\Fixlog.txt
2019-01-05 09:37 - 2019-01-05 09:37 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\AVAST Software
2019-01-04 23:39 - 2019-01-04 23:39 - 000077267 _____ C:\Users\Admin\Desktop\Addition_mitte.txt
2019-01-04 23:38 - 2019-01-04 23:38 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-01-04 23:38 - 2019-01-04 23:38 - 000002474 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-01-04 23:37 - 2019-01-04 23:39 - 000039045 _____ C:\Users\Admin\Desktop\FRST_mitte.txt
2019-01-04 23:37 - 2019-01-04 23:37 - 000003586 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA
2019-01-04 23:37 - 2019-01-04 23:37 - 000003458 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore
2019-01-04 23:37 - 2019-01-04 23:37 - 000000000 ____D C:\Users\Admin\AppData\Local\mbamtray
2019-01-04 23:37 - 2019-01-04 23:37 - 000000000 ____D C:\Users\Admin\AppData\Local\AVAST Software
2019-01-04 23:37 - 2019-01-04 23:37 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2019-01-04 23:36 - 2019-01-04 23:36 - 000007926 _____ C:\Users\Fee-Jonas\Desktop\mbam.txt
2019-01-04 23:17 - 2019-01-04 23:17 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\mbam
2019-01-04 23:16 - 2019-01-04 23:16 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-01-04 23:16 - 2019-01-04 23:16 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-04 23:16 - 2019-01-04 23:16 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\mbamtray
2019-01-04 23:16 - 2019-01-04 23:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-04 23:16 - 2019-01-04 23:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-04 23:16 - 2019-01-04 23:16 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-04 23:16 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-04 23:15 - 2019-01-04 23:16 - 081227760 _____ (Malwarebytes ) C:\Users\Fee-Jonas\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2019-01-04 23:13 - 2019-01-04 23:13 - 000009665 _____ C:\Users\Admin\Desktop\AdwCleaner[C00].txt
2019-01-04 23:07 - 2019-01-04 23:08 - 000000000 ____D C:\AdwCleaner
2019-01-04 23:06 - 2019-01-04 23:03 - 007320272 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner_7.2.6.0.exe
2019-01-04 23:03 - 2019-01-04 23:03 - 007320272 _____ (Malwarebytes) C:\Users\Fee-Jonas\Downloads\adwcleaner_7.2.6.0.exe
2019-01-04 22:21 - 2019-01-04 22:21 - 000074896 _____ C:\Users\Admin\Desktop\Addition_vorher.txt
2019-01-04 22:20 - 2019-01-04 22:21 - 000038315 _____ C:\Users\Admin\Desktop\FRST_vorher.txt
2019-01-04 22:19 - 2019-01-06 19:32 - 002425856 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2019-01-04 22:02 - 2019-01-04 22:03 - 000065511 _____ C:\Users\Fee-Jonas\Desktop\Addition.txt
2019-01-04 22:01 - 2019-01-06 22:34 - 000000000 ____D C:\FRST
2019-01-04 22:01 - 2019-01-04 22:03 - 000035312 _____ C:\Users\Fee-Jonas\Desktop\FRST.txt
2019-01-04 22:01 - 2019-01-04 22:01 - 002426368 _____ (Farbar) C:\Users\Fee-Jonas\Desktop\FRST64.exe
2019-01-04 21:51 - 2019-01-04 21:51 - 000361352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-01-04 21:51 - 2019-01-04 21:50 - 000320888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000220688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000196264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000058160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-01-04 21:51 - 2019-01-04 21:50 - 000037304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2018-12-28 00:30 - 2018-12-28 19:29 - 000000000 ____D C:\Users\Fee-Jonas\Documents\Shadow of the Tomb Raider
2018-12-28 00:30 - 2018-12-28 00:30 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Roaming\Eidos Montreal
2018-12-28 00:30 - 2018-12-28 00:30 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\NVIDIA Corporation
2018-12-20 13:53 - 2018-12-14 08:38 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-20 13:53 - 2018-12-14 07:33 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-16 18:05 - 2018-12-16 18:05 - 000002115 _____ C:\Users\Public\Desktop\WISO steuer Sparbuch 2019.lnk
2018-12-16 18:05 - 2018-12-16 18:05 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Buhl
2018-12-16 18:05 - 2018-12-16 18:05 - 000000000 ____D C:\Users\Admin\AppData\Local\wmain19
2018-12-16 18:05 - 2018-12-16 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2019
2018-12-14 16:08 - 2018-12-14 16:08 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-12-14 16:08 - 2018-12-14 16:08 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\Notepad++
2018-12-14 16:08 - 2018-12-14 16:08 - 000000000 ____D C:\Users\Admin\AppData\Local\Notepad++
2018-12-14 11:06 - 2018-11-28 10:39 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-12-14 11:06 - 2018-11-28 09:08 - 015441408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-14 11:06 - 2018-11-28 09:04 - 013322240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-14 11:06 - 2018-11-15 04:00 - 025735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-12-14 11:06 - 2018-11-15 03:34 - 020281856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-12-14 11:06 - 2018-11-15 02:51 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-14 11:06 - 2018-11-15 02:50 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-14 11:06 - 2018-11-13 05:35 - 005778944 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-14 11:06 - 2018-11-13 05:00 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-12-14 11:06 - 2018-11-13 04:52 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-12-14 11:06 - 2018-11-13 04:51 - 015284736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-12-14 11:06 - 2018-11-13 04:43 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-12-14 11:06 - 2018-11-13 04:42 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-14 11:06 - 2018-11-13 04:38 - 013681152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-12-14 11:06 - 2018-11-13 04:38 - 004859904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-12-14 11:06 - 2018-11-13 04:37 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-12-14 11:06 - 2018-11-13 04:27 - 001555968 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-12-14 11:06 - 2018-11-13 04:18 - 004386816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-12-14 11:06 - 2018-11-13 04:16 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-12-14 11:06 - 2018-11-13 04:15 - 001330176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-12-14 11:06 - 2018-11-13 04:14 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-12-14 11:06 - 2018-11-10 20:42 - 001368584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-12-14 11:06 - 2018-11-10 20:36 - 007371720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-12-14 11:06 - 2018-11-10 20:25 - 000121288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-12-14 11:06 - 2018-11-10 19:54 - 001308456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-14 11:06 - 2018-11-10 19:53 - 000356088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-14 11:06 - 2018-11-10 17:34 - 001754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-12-14 11:06 - 2018-11-10 17:25 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-12-14 11:06 - 2018-11-10 17:22 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-14 11:06 - 2018-11-10 17:15 - 001491968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-12-14 11:06 - 2018-11-03 19:28 - 002532344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-12-14 11:06 - 2018-11-03 18:41 - 001903456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-12-14 11:06 - 2018-11-03 16:25 - 002348032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-14 11:06 - 2018-11-03 16:11 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-14 11:06 - 2018-10-06 17:43 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-14 11:06 - 2018-10-06 17:13 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-14 11:06 - 2018-10-05 18:06 - 001200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-12-14 11:06 - 2018-10-05 18:06 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-12-14 11:06 - 2018-10-05 17:20 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-12-14 11:06 - 2018-10-05 17:20 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-12-14 11:06 - 2018-10-05 16:18 - 000513376 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-12-14 11:06 - 2018-10-05 16:18 - 000513376 _____ C:\WINDOWS\system32\locale.nls
2018-12-13 11:42 - 2018-12-13 11:42 - 000001980 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-12-13 11:42 - 2018-12-13 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-12-13 11:41 - 2018-12-27 17:03 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-12-09 07:24 - 2019-01-03 22:37 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\CrashDumps

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-01-06 22:31 - 2012-12-30 06:25 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1220723716-4126832292-3965305388-1001
2019-01-06 22:30 - 2016-06-11 20:12 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Roaming\Factorio
2019-01-06 22:30 - 2015-02-14 07:54 - 000000476 _____ C:\WINDOWS\Tasks\微软设备健康助手设备检查.job
2019-01-06 22:16 - 2018-09-06 17:06 - 000003870 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-01-06 22:16 - 2017-08-13 07:26 - 000002778 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-01-06 22:16 - 2016-10-25 21:21 - 000004238 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2019-01-06 22:16 - 2016-10-25 18:55 - 000003906 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BCFF598A-9863-4AE8-8D7E-FDDA574760FE}
2019-01-06 22:16 - 2016-10-24 22:54 - 000003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{83FB303E-983C-49AF-9DF9-B4C660AC815C}
2019-01-06 22:16 - 2015-12-03 17:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-01-06 22:16 - 2015-02-14 07:54 - 000003386 _____ C:\WINDOWS\System32\Tasks\微软设备健康助手设备检查
2019-01-06 22:16 - 2014-11-14 22:14 - 000002790 _____ C:\WINDOWS\System32\Tasks\微软设备健康助手开机检测
2019-01-06 22:16 - 2014-11-14 22:14 - 000000454 _____ C:\WINDOWS\Tasks\微软设备健康助手开机检测.job
2019-01-06 22:16 - 2014-08-11 20:22 - 000003380 _____ C:\WINDOWS\System32\Tasks\微软设备健康助手自动更新
2019-01-06 22:16 - 2014-08-11 20:22 - 000000470 _____ C:\WINDOWS\Tasks\微软设备健康助手自动更新.job
2019-01-06 22:16 - 2014-01-12 13:04 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1220723716-4126832292-3965305388-1115
2019-01-06 22:16 - 2012-12-29 23:48 - 000004342 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-01-06 21:03 - 2013-12-28 13:55 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-06 20:08 - 2016-11-18 21:36 - 000000000 ____D C:\Users\Fee-Jonas\AppData\LocalLow\Mozilla
2019-01-06 19:53 - 2015-11-28 00:27 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Roaming\Raptr
2019-01-06 19:35 - 2017-08-13 07:23 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2019-01-06 19:35 - 2015-11-28 00:24 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Raptr
2019-01-06 19:33 - 2015-11-28 00:44 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-01-06 19:33 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-05 14:37 - 2016-10-25 21:00 - 000000000 ____D C:\Program Files\AMD
2019-01-05 14:24 - 2013-04-15 21:32 - 000000000 ____D C:\Users\Fee-Jonas\AppData\LocalLow\Temp
2019-01-04 23:40 - 2013-03-03 23:09 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2019-01-04 23:28 - 2013-08-22 14:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2019-01-04 23:22 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-04 23:22 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-04 22:21 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2019-01-04 21:52 - 2017-04-22 06:43 - 000003910 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-01-04 21:51 - 2018-05-05 05:58 - 000239808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-01-04 21:51 - 2018-05-05 05:58 - 000203488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-01-04 21:51 - 2016-03-28 23:42 - 000042488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-01-04 21:51 - 2014-05-04 20:22 - 000046584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2019-01-04 21:51 - 2013-12-23 16:20 - 000218056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000474648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000380144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000166472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000111992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-01-04 21:51 - 2013-04-11 21:56 - 000088144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-01-04 21:50 - 2013-04-11 21:56 - 001034056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-01-04 14:18 - 2016-10-24 22:26 - 000433648 _____ C:\WINDOWS\system32\prfh0804.dat
2019-01-04 14:18 - 2016-10-24 22:26 - 000132582 _____ C:\WINDOWS\system32\prfc0804.dat
2019-01-04 14:18 - 2014-11-21 04:35 - 002335906 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-04 14:18 - 2014-11-21 03:45 - 000758136 _____ C:\WINDOWS\system32\perfh007.dat
2019-01-04 14:18 - 2014-11-21 03:45 - 000156398 _____ C:\WINDOWS\system32\perfc007.dat
2019-01-03 11:15 - 2013-07-22 18:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-12-30 00:07 - 2012-12-30 00:31 - 000000000 ____D C:\Users\Fee-Jonas\AppData\Local\Ubisoft Game Launcher
2018-12-20 14:38 - 2012-07-26 08:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-18 19:58 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache
2018-12-18 18:47 - 2012-12-30 13:10 - 000000000 ____D C:\ProgramData\Origin
2018-12-18 18:47 - 2012-12-30 13:10 - 000000000 ____D C:\Program Files (x86)\Origin
2018-12-17 18:06 - 2012-12-30 06:29 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1220723716-4126832292-3965305388-1002
2018-12-16 18:05 - 2016-10-25 21:10 - 000000000 ____D C:\Users\Admin\AppData\Local\AMD
2018-12-16 18:05 - 2014-05-18 14:25 - 000000000 ____D C:\Users\Admin\AppData\Local\Buhl
2018-12-16 18:00 - 2014-05-18 14:23 - 000000000 ____D C:\Program Files (x86)\WISO
2018-12-16 18:00 - 2012-12-29 23:42 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-12-16 17:55 - 2014-05-18 14:22 - 000000000 ____D C:\ProgramData\Buhl Data Service GmbH
2018-12-16 15:31 - 2015-12-20 21:40 - 000000000 ____D C:\Users\Fee-Jonas\Documents\Paradox Interactive
2018-12-16 15:18 - 2016-11-17 20:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-12-16 15:18 - 2012-12-29 23:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-14 19:10 - 2012-12-29 23:44 - 000001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-12-14 16:34 - 2013-08-22 15:44 - 000527816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-14 16:08 - 2016-02-03 22:14 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Notepad++
2018-12-13 14:32 - 2012-12-29 23:38 - 137260640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-12-13 14:27 - 2012-07-26 06:26 - 000000269 _____ C:\WINDOWS\win.ini
2018-12-13 11:42 - 2015-11-25 19:16 - 000000000 ____D C:\Program Files\McAfee Security Scan

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-13 12:58 - 2014-04-13 12:58 - 000001078 _____ () C:\Users\Admin\AppData\Roaming\base64.cer
2016-10-24 20:48 - 2016-10-24 20:48 - 000000046 _____ () C:\Users\Admin\AppData\Roaming\WB.CFG
2013-06-03 15:18 - 2013-06-03 15:18 - 000001244 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2019-01-06 22:31

==================== Ende von FRST.txt ============================
--- --- ---


und die dazugehörige addition.txt:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 06.01.2019
durchgeführt von Admin (06-01-2019 22:35:08)
Gestartet von C:\Users\Admin\Desktop
Windows 8.1 Pro (Update) (X64) (2016-10-24 21:38:50)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Admin (S-1-5-21-1220723716-4126832292-3965305388-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1220723716-4126832292-3965305388-500 - Administrator - Disabled)
Dirk (S-1-5-21-1220723716-4126832292-3965305388-1115 - Limited - Enabled) => C:\Users\Dirk
Fee-Jonas (S-1-5-21-1220723716-4126832292-3965305388-1002 - Limited - Enabled) => C:\Users\Fee-Jonas
Gast (S-1-5-21-1220723716-4126832292-3965305388-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ACP Application (HKLM\...\{7887FB96-80EA-BDAE-A5E4-A9C8C3ED7093}) (Version: 2016.1017.2209.52 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Amazon Amazon Music) (Version: 6.0.1.1166 - Amazon Services LLC)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Angry Birds (HKLM-x32\...\{A353543A-B1EB-48E1-A719-A88A68BFA555}) (Version: 4.0.0 - Rovio Entertainment Ltd.)
Angry Birds (HKLM-x32\...\{DE96EDE7-7D0A-49D7-9C11-121BA91F84E0}) (Version: 3.3.0 - Rovio Entertainment Ltd.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.1.973.110 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{30BEC4F9-FB2F-3C5D-FBB4-B47DB23271C9}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{9B9E3989-EB86-7D86-39C8-64795A9F30D9}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{E8316EE7-97E5-80F1-B8BE-DDCC225244AC}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{8D9B427F-697E-D95F-059A-1E3E669998A1}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9DE7A3B1-4B80-8F11-1A0B-F92CC2B06781}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{84035ED3-8E29-59E2-F648-8F07212078C8}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{2A3AE3B3-4E31-A203-8D27-655D950805C1}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{FC32D676-C95A-01BE-037E-98E0259094CC}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{362F7ED0-CC19-BDDE-F804-A718C49797E0}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{88F8B3EF-6947-A693-BEA6-D6A51466371F}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{A0FD84CD-6E95-7D76-2D96-7233B58D0ABD}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{C5A8698A-F510-5BF3-538C-6721D373D274}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{FCC2674A-94F1-A4ED-2CE1-FC2401E559CC}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{F65E03FF-F1ED-D59A-507A-F3D3F1AEED43}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{BB4D999E-5199-D422-0B07-015E97E0E0A0}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{98E1DA10-0656-3266-C88E-1E2F49E9FE19}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F8082754-11C3-F178-08BD-0F91E89C14C6}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E3884E2A-224E-8238-EC3F-8F2850D5A1FF}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BE4FCA73-4411-6FA9-DFA9-B29A8F1E4B36}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{8A63B449-330C-CE77-3D2C-1BC6FA9CD511}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{EC463366-E74D-2630-72D9-74228C2190D9}) (Version: 2016.1017.2223.38477 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{4B3AF51F-830F-409F-AE05-FB67040C90B6}) (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
Die Sims™ 3 Diesel Accessoires (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Katy Perry Süße Welt (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.44.83.1020 - Electronic Arts Inc.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Greenshot 1.1.5.2643 (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\Greenshot_is1) (Version: 1.1.5.2643 - Greenshot)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
JabRef 2.9.2 (HKLM-x32\...\JabRef 2.9.2) (Version: 2.9.2 - JabRef Team)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
KODAK Create@Home Software (für dm) (HKLM-x32\...\{398AC289-E8BE-4FC2-99B5-AC6DB0640FC7}) (Version: 9.1.0392 - Kodak Alaris Inc.)
Leisure Suit Larry Reloaded (HKLM-x32\...\{E58E79EB-96BC-4BC2-A0E7-9CC28ECF4E1A}) (Version: 1.0.0.0 - Replay Games Inc.)
Malwarebytes Version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.895.1 - McAfee, Inc.)
Microsoft Lync 2010 (HKLM\...\{58A013B1-1613-4978-881A-FCA43710C84A}) (Version: 4.0.7577.4540 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 64.0 (x64 de) (HKLM\...\Mozilla Firefox 64.0 (x64 de)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
Origin (HKLM-x32\...\Origin) (Version: 10.5.32.18460 - Electronic Arts, Inc.)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
R for Windows 3.0.0 (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\R for Windows 3.0.0_is1) (Version: 3.0.0 - R Core Team)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\{4C5D15D2-5351-4F05-A96E-56C20554F977}) (Version: 1.00.000 - )
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 12-1225-1206 - Peter L Jones)
Secure Download Manager (HKLM-x32\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Version 8.31 (HKLM-x32\...\Skype_is1) (Version: 8.31 - Skype Technologies S.A.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeXnicCenter Version 2.0 Beta 1 (HKLM\...\TeXnicCenter_is1) (Version: 2.0 Beta 1 - The TeXnicCenter Team)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0) (Version: 1.0.21.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-10) (Version: 1.0.26.0 - LunarG, Inc.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{08459FDC-0106-4B93-AD0F-4111DA9C4FD3}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2017 (HKLM-x32\...\{8B75DEB9-A7A3-4E7E-A80B-C982B8894E7F}) (Version: 24.05.1582 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2018 (HKLM-x32\...\{061BEF8E-5B59-45C6-A598-EDB81FC38AFB}) (Version: 25.03.1550 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2019 (HKLM-x32\...\{42E59B2F-EA74-4898-AACF-A62F7C90EEE2}) (Version: 26.00.1560 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{8FDA5FAB-BF29-4744-B9BD-9C3F9A26F0B6}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{8A6497B9-EF0C-48F9-9D82-7EE4511FA6B4}) (Version: 22.08.9051 - Buhl Data Service GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
小米助手 (HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\MiPhoneManager) (Version:  - 小米移动软件有限公司)
微软设备健康助手 (HKLM-x32\...\{2EAC4B0F-6E44-4FF6-AA5E-5D100F2BAA59}) (Version: 1.5.3.1 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-05] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-05] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-10-17] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-04] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-05] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-05] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {21B76B13-E78C-477A-9521-429FD3373732} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2019-01-04] (AVAST Software)
Task: {29BAEA52-F7C7-4A2E-94F9-4457AD0E5201} - System32\Tasks\微软设备健康助手设备检查 => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exe [2015-01-30] (Microsoft Corporation)
Task: {348188BD-B2FF-486F-847C-D14B5DEBAE16} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-06] (Piriform Ltd)
Task: {5A26CFFB-388F-4F96-9B9E-DD8AF02DDA56} - System32\Tasks\微软设备健康助手开机检测 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {7A986F2A-4B42-4A7E-9C90-0BD6BB8F3651} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-04] (AVAST Software)
Task: {853AEED7-EBAD-4FDC-824E-953303A9D6A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {AC885A5D-128A-4B56-88C9-01560593E036} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-06] (Piriform Ltd)
Task: {ACF07987-306C-4031-BFBC-04337D1AD8E8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {BD8F20F8-0DCA-46DD-A2E0-D7ABC9DEED39} - System32\Tasks\微软设备健康助手自动更新 => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe [2015-01-30] (Microsoft Corporation)
Task: {C7CA4FAB-E38D-4006-866A-D977E68E65E2} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2019-01-04] (AVAST Software)
Task: {D7616AB8-6967-47CE-BECD-AC3618293336} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-10-17] (Advanced Micro Devices, Inc.)
Task: {F799ABC8-7C43-427E-8AE1-FB4AECFDDC42} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-11-18] (AVAST Software)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\微软设备健康助手开机检测.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exe/EnableDHWORKGROUP\DJ$H此任务用于微软设备健康助手的状态检测和自我修复。了解更多请查阅hxxp:/support.microsoft.com
Task: C:\WINDOWS\Tasks\微软设备健康助手自动更新.job => C:\Program Files (x86)\Microsoft Device Health\DhUpdate.exeWORKGROUP\DJ$Z此服务属于微软设备健康助手用于获取最新的版本有助于提高设备健康度及保障支付安全。了解更多请查阅hxxp:/support.microsoft.com
Task: C:\WINDOWS\Tasks\微软设备健康助手设备检查.job => C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgrScheduler.exeWORKGROUP\DJ$C此任务用于微软设备健康助手的设备检查。了解更多请查阅hxxp:/support.microsoft.com

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2019-01-04 23:16 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2019-01-04 23:16 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:20 - 2016-09-14 02:20 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-04 21:51 - 2019-01-04 21:51 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-01-04 21:51 - 2019-01-04 21:51 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 005812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2017-05-04 20:01 - 2017-05-04 20:01 - 000067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 001662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2015-05-08 02:38 - 2015-05-08 02:38 - 000110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 000417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2015-05-08 02:39 - 2015-05-08 02:39 - 000167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-11-13 22:59 - 2015-11-13 22:59 - 000113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-11-13 22:59 - 2015-11-13 22:59 - 002396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2015-05-08 02:38 - 2015-05-08 02:38 - 000354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
2015-05-08 02:38 - 2015-05-08 02:38 - 000263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2017-05-04 18:33 - 2017-05-04 18:33 - 002717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 001213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2015-05-08 02:55 - 2015-05-08 02:55 - 000055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2013-12-28 13:55 - 2018-10-30 19:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 20:48 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-22 15:47 - 2018-11-26 21:29 - 002649376 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-20 20:48 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 20:48 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-12-16 08:34 - 2017-12-20 02:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-16 08:34 - 2017-12-20 02:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-16 08:34 - 2017-12-20 02:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-16 08:34 - 2017-12-20 02:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-16 08:34 - 2017-12-20 02:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2013-12-28 13:55 - 2018-11-26 21:29 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-14 19:33 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-06-16 17:07 - 2018-10-30 19:06 - 000879904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-12 19:39 - 2018-09-23 01:00 - 088009504 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-07-12 18:29 - 2018-09-23 01:00 - 002264352 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-07-12 18:29 - 2018-09-23 01:00 - 000124704 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData:BDSDRMHK [64]
AlternateDataStreams: C:\Users\All Users:BDSDRMHK [64]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:BDSDRMHK [64]
AlternateDataStreams: C:\ProgramData\Application Data:BDSDRMHK [64]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 06:26 - 2019-01-05 14:23 - 000000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img9.jpg
HKU\S-1-5-21-1220723716-4126832292-3965305388-1115\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img2.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.

HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Communicator"
HKLM\...\StartupApproved\Run32: => "PowerDVD13Agent"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "MiPhoneManager"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-1220723716-4126832292-3965305388-1002\...\StartupApproved\Run: => "Skype for Desktop"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{35C567F3-7CF1-40E9-89A3-31DB2F0F22D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{9B1CDE4D-46BB-40BD-ACCA-1FCC1DA7C2E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{4B85539D-04FF-4373-8389-93A64883293D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{08A0A7E9-A27F-4F88-9DE1-DA2A2948CF9D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{C2928E61-ADCE-4603-BEA9-986A8C202ED1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{A3CC7995-FBBB-4162-8F12-F10A0FA8B125}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{46376749-B120-44FC-913A-EA065B71DD23}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{849B267E-F9A0-47B1-87B7-21817D77BA4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{5BE81491-6998-4C34-9E64-EF92A27F2ADF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe)
FirewallRules: [{6FDF3ACA-8CF0-41E7-9DB0-4D0D7A397044}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe)
FirewallRules: [{A6BCAB39-747D-4D57-B164-8D599C351E6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe (Paradox Interactive)
FirewallRules: [{4F3ED3C0-90D8-4AC7-B724-675218A3923D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe (Paradox Interactive)
FirewallRules: [{CA34D051-FD94-49C8-A2F4-DE0BA452C4EF}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{8CD08CC4-BBA5-4A01-B924-65203713203D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{7BCA1CD4-A960-408A-A410-9AC94575425F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [{D0EF42A2-2798-4C49-B1BE-144C457E88D6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [UDP Query User{8EE7D225-6D80-4194-89DF-A150FFD5999E}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [TCP Query User{6F8569D3-D981-4D79-8C6A-095D5087F3AE}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games)
FirewallRules: [{B80B4D8F-E2F9-4DA4-8AAA-6EBFA82632F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [{A9A4CEDD-0AC2-447B-988D-4B69A57B0875}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games)
FirewallRules: [{D5F5886E-1899-437F-8B87-DC8F9D3B8A66}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios)
FirewallRules: [{E765B512-B8D4-4104-A0CD-F848EB1F6DA4}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios)
FirewallRules: [{A7D7F089-AB99-4C55-AEA5-CBA6C2D2BC99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V SDK\Sid Meier's Civilization V SDK.exe (Firaxis Games)
FirewallRules: [{A0F4EDE8-C2A9-4FE9-9291-A988196EA9CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V SDK\Sid Meier's Civilization V SDK.exe (Firaxis Games)
FirewallRules: [{5180F337-DD43-4415-871B-8C980D3AEF16}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{A0F27069-F03B-4121-A36A-D74A7E0678EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{2ABF4180-E2A2-40A2-B47D-B1054A159443}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{C0313060-1A1C-4784-BF6B-80A220C87559}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{98568E65-842B-4371-BE3E-DFEA03E61D8C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 2\rct2.exe ()
FirewallRules: [{69F3A20E-317C-4DB0-B9FB-B988F9374BA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 2\rct2.exe ()
FirewallRules: [UDP Query User{59C4E3E5-70FC-4AEE-99B6-C815A020DB5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{69B1CE15-78E9-4353-8539-86F7BC0C889B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{BF91454A-EDE4-42FB-A813-1AA3F41B586F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{2EC79FDE-76CE-4DE0-AEB6-D2758D7E951D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{6AC96074-B814-45A7-8905-8A995EC46A28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\M2Editor.exe (Paradox Interactive)
FirewallRules: [{E27A6668-454C-429D-916C-E0CFBAFDA894}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\M2Editor.exe (Paradox Interactive)
FirewallRules: [{B4DBA89C-B59C-423C-B142-8AC74987D6B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\majesty2.exe (Paradox Interactive)
FirewallRules: [{C5892ABF-05F1-4857-8FC6-424ED98D75D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\majesty2.exe (Paradox Interactive)
FirewallRules: [{8A48104C-352A-4FC2-932E-6595BD3EAEE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games)
FirewallRules: [{49B1A5F7-94FE-434A-B558-65C879448A03}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games)
FirewallRules: [{794C7B5F-CA7E-439A-A8AB-297DE4708F81}] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{36A68294-606C-46AA-AB53-89EDFBDA3963}] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{1ED55816-E41F-43C2-A22E-A5DB1401E3C4}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [{A8E8F4B9-DE35-47B8-BF7A-117C10B2A801}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [UDP Query User{5F33D9D7-60F2-4E22-BA1C-59C61822D158}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [TCP Query User{9DD4BE5B-DDFE-4751-9C8D-4600C40EB6B7}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [UDP Query User{EC323057-C2D8-4165-A426-859EBE0B2BD2}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [TCP Query User{9C6801B4-699A-4C80-9B46-1F1A4C557CCA}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming.net)
FirewallRules: [{517AB619-62F3-434E-A709-902C2C445003}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe ()
FirewallRules: [{7C40BB27-9C05-4F72-81EF-630C8B223C0A}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe ()
FirewallRules: [UDP Query User{F6B506EB-3A67-4737-BA6F-15CD1F43D00F}C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (深圳市迅雷网络技术有限公司)
FirewallRules: [TCP Query User{62067B4F-63AC-4156-A3D8-0225F927DB27}C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\fee-jonas\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (深圳市迅雷网络技术有限公司)
FirewallRules: [UDP Query User{2ADE8DB1-A6F0-4374-A72D-AF49ED685818}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe (Firaxis Games)
FirewallRules: [TCP Query User{97AE8AB3-0709-41C0-8AD1-3A7B11AEE071}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe (Firaxis Games)
FirewallRules: [{12011AD8-3027-435F-B83E-42523A317F08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Sword 5\BS5.exe ()
FirewallRules: [{86B3EE9D-0FCA-448C-AFDC-B3A4E33C7EAB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Sword 5\BS5.exe ()
FirewallRules: [{D04ECCE2-6300-4D86-9275-1791D9A16909}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{FA4B3C7E-175D-406D-9583-63958ED4058A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{2B07A67C-93A1-4DA9-8742-FF7C90630F69}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{8F60659D-F648-40C0-A6C5-3CC6AF18E177}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe (Ubisoft Entertainment)
FirewallRules: [{E8903BD4-DFC3-4C44-858A-5865B03C32C8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment)
FirewallRules: [{3505F9AC-29FF-4E02-837C-39F54416209A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment)
FirewallRules: [{0158AC7C-B0D4-4980-94BC-C99D3702A9B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe (Blizzard Entertainment)
FirewallRules: [{5B7FC0E3-EF69-4777-A798-B3D0B8145BC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe (Blizzard Entertainment)
FirewallRules: [{8B957F90-B01B-4CC1-B5F1-00B970A6CFA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe ()
FirewallRules: [{1F872B3F-64D8-4603-89FB-6DE719E229D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe ()
FirewallRules: [{95F6C533-BDD7-421A-8EE1-D0EF09320BB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe (© 2001-2004 Atari Inc.)
FirewallRules: [{D8391D95-77BC-4DE2-9AFE-DAED847D81D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe (© 2001-2004 Atari Inc.)
FirewallRules: [{E6E5D0E1-D522-4C4D-8D3F-572BA8A1EA23}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{7BA32A37-35FE-4F92-AC54-DAF315441905}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{77F6D77A-57E6-40F6-B43D-396572877D5F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Patrician III\Patrician3.exe ()
FirewallRules: [{8598849B-5692-44B1-A535-78F06DDC5860}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Patrician III\Patrician3.exe ()
FirewallRules: [{A51980E4-8EB7-48B8-8208-DFAC17790DCD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{A4903764-3E0B-4A45-9C36-11AC0DE3B404}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{F92D22E8-AE53-4965-BC69-5570AC7C2FAA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{6AAF5026-9A11-4C48-8370-F8A708A44D3E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{B27EB7EF-70C9-4B86-8276-35C629484CA5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{EE6DC100-0555-4055-A6EC-A0752D917554}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{5090822F-3D48-4AC5-9A5D-BC5B831936D8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{5E730218-813F-4B82-8E0E-900A04DD231E}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe ()
FirewallRules: [{6FB6B92F-C350-4951-A646-104C0C9806EF}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe ()
FirewallRules: [{0497AD3F-437A-46D0-8F64-48F16D32BBF6}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe (Related Designs Software)
FirewallRules: [{E9AB5ACC-F372-4DB8-BC37-C9FBE8FE29E3}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe (Related Designs Software)
FirewallRules: [{D80FB71C-8FE3-44EF-9CBA-B2CF84A4CAA2}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe (Related Designs)
FirewallRules: [{0B311919-FB5F-418A-A7DA-90EB39A09F3E}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe (Related Designs)
FirewallRules: [{0440C23E-D2C1-4385-B451-C04B6DDC151E}] => (Allow) C:\Program Files (x86)\Origin Games\Leisure Suit Larry Reloaded\LarryReloaded.exe ()
FirewallRules: [{9807388E-9413-418A-8A48-49EB01F77C2C}] => (Allow) C:\Program Files (x86)\Origin Games\Leisure Suit Larry Reloaded\LarryReloaded.exe ()
FirewallRules: [{9EB501F7-35E2-41DE-9D76-EDB765F71D72}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe (Microsoft Corporation)
FirewallRules: [{1197133B-F0B3-43D7-A0AF-629699D2E30C}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{B20E9C77-03EC-4606-82FE-557F147B2B68}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
FirewallRules: [{C1EADE61-F16F-4408-985E-1BEF2E829F3F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe Keine Datei
FirewallRules: [{0EC2D455-E54A-4BCF-B47F-B38EE2DF3AA0}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe Keine Datei
FirewallRules: [{964592D3-7FD3-407B-BA6A-6417032DC3F1}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
FirewallRules: [{D1F23160-5444-4D0C-A107-142709C0BF5A}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
FirewallRules: [{3D8B7995-AC56-4231-B0BE-5E471B8CD67D}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe ()
FirewallRules: [{88A5029B-7699-4C8A-B5A6-1B325BF94EA1}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe ()
FirewallRules: [{CF5B8186-E0F9-48D8-92AE-022EBC68D5E6}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe (Blizzard Entertainment)
FirewallRules: [{49D218F6-2711-4B0F-BC6A-FE39852EE275}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe (Blizzard Entertainment)
FirewallRules: [{C6A2CE4C-4209-4BD0-9CF2-7FD805EA79B0}] => (Allow) C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe (Blue Byte GmbH)
FirewallRules: [{475BA0BD-7941-48AF-9268-78013566E689}] => (Allow) C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe (Blue Byte GmbH)
FirewallRules: [{450F3EB1-77B8-4087-8ADF-468FA4568D35}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft)
FirewallRules: [{A66BDF75-89AA-4C2C-ADEE-175A5319D3DA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft)
FirewallRules: [TCP Query User{A62A1FB7-6398-4CF6-B776-80EF377ED3CB}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [UDP Query User{4B0D32E9-D3CA-49A8-BB6C-6DCC50A61A07}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net)
FirewallRules: [{3E83A775-1350-4BB1-98C3-FEA43746BEEC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{07790045-0A6F-4450-B2BD-297C9E3807C3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{5F869C59-C40F-4BDA-A0D4-93B250BF4BA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe ()
FirewallRules: [{67EBC907-1667-4BDD-8847-C092E27276D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe ()
FirewallRules: [{D8940C63-C63D-4053-BD0C-B2F496484620}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\Stronghold2.exe (Firefly Studios)
FirewallRules: [{9A44F270-2F93-47F4-B134-630F6FCAE0F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\Stronghold2.exe (Firefly Studios)
FirewallRules: [{79904BBE-E3DC-427B-8EF6-87DE6DDED3EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [{971D8AA2-1646-4F03-9E5A-A4CA31D1B230}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [{5CEAAD65-E997-42CD-80EB-9F99CFA18863}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe ()
FirewallRules: [{7D0B70A0-4B8F-450C-B262-5D435DC3ED77}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe ()
FirewallRules: [{1BD335CB-ADCA-4D32-B508-952C8DFFDFCF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games)
FirewallRules: [{7E9AC2C7-830A-4EFC-83EE-331ADFC2A662}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games)
FirewallRules: [{89E26E6C-8F42-4BAB-962F-5CA2D24B4DFC}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [{F6A6A599-8DC2-4FBA-91C1-BFCD7AB7908E}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
FirewallRules: [TCP Query User{B2D35378-B363-40C7-8F76-8404D0BEC10A}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [UDP Query User{02B22BAA-7FD4-41B0-B573-65DF8AF6AC31}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{CE356DD3-D434-4881-89D4-A0415812E92A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{F890B59A-B5DB-46FE-A778-DE094CB5219B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc)
FirewallRules: [{5C03D892-6E13-4D58-88EE-528FEFDD4DF3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{787A07C5-957C-4DA5-9382-1C5BFF442268}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc)
FirewallRules: [{233FEF99-71E6-48C4-A57E-1B04FD007005}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red)
FirewallRules: [{5B5EEE6C-7D60-46EB-A19F-07BE6E711DA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red)
FirewallRules: [TCP Query User{3FE76B17-EB49-40B9-9B95-7F2B9DC5FD2E}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe (Microsoft Corporation)
FirewallRules: [UDP Query User{183A6812-BB55-4F78-B970-55E2F6129711}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe (Microsoft Corporation)
FirewallRules: [{E9E564C7-C8D5-401D-B2E1-36B793E541E1}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe (Electronic Arts)
FirewallRules: [{BD4E96EF-7BC4-441B-B688-A43BF88300F9}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe (Electronic Arts)
FirewallRules: [{062E6668-167E-4D09-92E2-F774E7E6D4CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\FFLauncher.exe ()
FirewallRules: [{19646928-DAF0-4C64-AE05-39D2F310001F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold 2\FFLauncher.exe ()
FirewallRules: [{8AF8A76F-BB04-450A-9465-469C710AC4A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [{C3C1F866-4FDF-4B32-82CC-D6CE69FFB248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry Primal\bin\FCPrimal.exe (Ubisoft Entertainment)
FirewallRules: [TCP Query User{30584249-A8FA-4226-AC69-2A4201FCEFC2}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [UDP Query User{E9ABB7B3-6642-45EB-B7CE-21FB2B16BB37}C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\fee-jonas\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{D0ADA9D1-C122-47B6-B722-04184A6F7693}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe ()
FirewallRules: [{93F522B6-50AB-4D3B-8E0C-4E03C4B666C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe ()
FirewallRules: [{73456120-CDD1-42EE-9BB0-BF6709711378}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Industry Giant 2\ig2_AddOn.exe (United Independent Entertainment GmbH)
FirewallRules: [{03F75FA7-2091-4580-97C8-80C7BFB27DB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Industry Giant 2\ig2_AddOn.exe (United Independent Entertainment GmbH)
FirewallRules: [{10E28A7E-6051-4614-95AA-1A5EAD2C163B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft)
FirewallRules: [{E0EA1A40-EF6A-461C-90DD-B368A4D8D4A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft)
FirewallRules: [TCP Query User{B29151AA-2AEA-41BD-AAB4-966FCD3D83D9}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe (Firaxis Games)
FirewallRules: [UDP Query User{F2731B3F-E518-4C9F-8538-5A31E862C352}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe (Firaxis Games)
FirewallRules: [{76320721-FC08-431C-AF44-2D5C9323F61A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{E120D092-D08A-4DAE-9ADA-46BC0384CA75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe (Wube Software)
FirewallRules: [{6816B626-A16A-4562-B930-8EFD43484AF5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [{E08FE17A-1A37-4F6F-B59E-A9BCEA24A41C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
FirewallRules: [{B8CC5228-73D5-4F19-9249-E95F336DAB1E}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{19B5E915-9B64-4C59-ACE5-7731A9E33E49}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.)
FirewallRules: [{C4EE90AA-431D-4ABE-ADF6-BA6C89D723D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{B88C9348-0BF0-4B9C-874C-347987BEA66A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games)
FirewallRules: [{3EEF874E-2AA2-4B37-A6A8-5AAE1F2251A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [{AECEE5ED-8F87-434F-8356-C2ACFA6F0B51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games)
FirewallRules: [TCP Query User{44994FA2-6831-4594-AA9E-031D4A03BB8A}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe] => (Allow) C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe (Blue Byte GmbH)
FirewallRules: [UDP Query User{9293AADF-43E1-4D71-9FB0-88247235307D}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe] => (Allow) C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe (Blue Byte GmbH)
FirewallRules: [{A215A324-37FF-4595-996D-1348A8FEC10E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{E32948F0-4FAD-4704-B9AA-C7BA6B1142E3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{3B764539-BF20-4835-A39E-598AF9CEF614}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive)
FirewallRules: [{A853CB92-E45C-46B8-A6D6-EB21004E08EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive)
FirewallRules: [{58C31393-E9DF-43D0-83FA-2DC53CB24324}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{14F66FEA-611F-49B1-957B-3F7353E1C26D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{F0E7DB56-AD76-4858-9069-06D0FF5B387E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe ()
FirewallRules: [{2EF7B2EA-1A8D-49D6-9EC0-C5F5C2E8BE2D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe ()
FirewallRules: [{F3657BD6-5E02-4A9B-AAFB-8BC8A5485B06}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe ()
FirewallRules: [{70F4E1CE-8B97-47D0-BA3F-181AB0098393}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe ()
FirewallRules: [{DE4AB790-4C40-4417-98AE-F8FA9164A0C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe (Paradox Interactive)
FirewallRules: [{3D136507-38B0-4AAA-9675-8B60E3A49C03}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe (Paradox Interactive)
FirewallRules: [{DFCF60D1-B8D5-4B8E-B0AE-20A68292D725}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{74869600-35E5-4379-A1D6-3CD72BB9C925}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{8DE35911-A6FC-4EA2-997B-5071F5BE7E98}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)

==================== Wiederherstellungspunkte =========================

20-12-2018 14:36:14 Windows Update
03-01-2019 23:38:34 Windows Update
06-01-2019 19:46:47 Prüfpunkt von HitmanPro

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/06/2019 07:46:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/06/2019 07:46:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {38e69ccf-54ee-4a84-b3a1-666353ef4106}

Error: (01/06/2019 07:34:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamtray.exe, Version: 3.1.0.1662, Zeitstempel: 0x5c070ada
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18895, Zeitstempel: 0x5a4b127e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009d4e2
ID des fehlerhaften Prozesses: 0x1258
Startzeit der fehlerhaften Anwendung: 0x01d4a5ee7af3754e
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Pfad des fehlerhaften Moduls: KERNELBASE.dll
Berichtskennung: c034bc52-11e1-11e9-8139-bc5ff47694e7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/06/2019 07:32:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.2.0.704, Zeitstempel: 0x5b9acf90
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.19153, Zeitstempel: 0x5b93ffa7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003de0e
ID des fehlerhaften Prozesses: 0x8f8
Startzeit der fehlerhaften Anwendung: 0x01d4a4fa2afb9c8c
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 74c7e1be-11e1-11e9-8138-bc5ff47694e7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/05/2019 02:26:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamtray.exe, Version: 3.1.0.1662, Zeitstempel: 0x5c070ada
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18895, Zeitstempel: 0x5a4b127e
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009d4e2
ID des fehlerhaften Prozesses: 0x1190
Startzeit der fehlerhaften Anwendung: 0x01d4a4fa41ab8056
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Pfad des fehlerhaften Moduls: KERNELBASE.dll
Berichtskennung: 888b9e5f-10ed-11e9-8138-bc5ff47694e7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/03/2019 11:40:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 4.83.53.91 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 980

Startzeit: 01d4a3b2ea85c727

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 91353099-0fa8-11e9-8132-bc5ff47694e7

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/03/2019 11:38:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/03/2019 11:14:09 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2118-12-10T22:14:09Z. Fehlercode: 0x80040154.


Systemfehler:
=============
Error: (01/06/2019 10:30:49 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/06/2019 09:00:29 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/06/2019 08:59:57 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/06/2019 07:51:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (01/06/2019 07:51:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys

Error: (01/06/2019 07:51:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (01/06/2019 07:51:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys

Error: (01/06/2019 07:51:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.


Windows Defender:
===================================
Date: 2013-03-08 12:48:06.137
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {CE77E50C-6F4F-4C63-B1C2-181706E9A2C7}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2013-02-02 17:16:31.827
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {6D0A8998-6BEF-48F9-A25D-8B839C367F24}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2013-01-05 00:12:33.150
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {02CC17D8-2F71-49EB-8574-410B230987B5}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2016-10-07 16:44:03.697
Description:
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Sicherung
Fehlercode: 0x80073aba
Fehlerbeschreibung: Die Ressource ist zu alt und daher nicht mehr kompatibel.
Signaturversion: 1.147.1246.0;1.147.1246.0
Modulversion: 1.1.9302.0

Date: 2016-10-07 16:44:01.825
Description:
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
Betroffene Signaturen: Aktuell
Fehlercode: 0x80073aba
Fehlerbeschreibung: Die Ressource ist zu alt und daher nicht mehr kompatibel.
Signaturversion: 1.147.1631.0;1.147.1631.0
Modulversion: 1.1.9302.0

Date: 2013-04-11 21:40:15.013
Description:
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.1246.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Date: 2013-04-11 21:40:15.013
Description:
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.1246.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Date: 2013-04-11 21:40:15.013
Description:
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.1246.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

==================== Speicherinformationen ===========================

Prozessor: AMD A10-5800K APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 38%
Installierter physikalischer RAM: 8146.26 MB
Verfügbarer physikalischer RAM: 5028.18 MB
Summe virtueller Speicher: 9682.26 MB
Verfügbarer virtueller Speicher: 5678.6 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:1667.7 GB) (Free:960.39 GB) NTFS
Drive d: (Daten) (Fixed) (Total:97.31 GB) (Free:92.59 GB) NTFS

\\?\Volume{95d81160-523f-11e2-be65-806e6f6e6963}\ (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B3AEF03F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=06)
Partition 4: (Not Active) - (Size=1667.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
Hinsichtlich der Fragen: Keine Probleme, mein Browser bietet mir aber seit neuestem startpage.com aus neue Suchmaschine an. War nicht bestellt, ist aber wahrscheinlich ganz gut so ;-)

Danke Dir auf jeden Fall soweit!

M-K-D-B 07.01.2019 15:26
Schritt 1
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    Start::
    S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]
    DeleteKey: HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    DeleteQuarantine:
    Reboot:
    End::
  • Starte nun FRST und klicke direkt den Entfernen Button. Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
  • Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.







Schritt 2
Alle Logs gepostet? Dann lade Dir bitte das TBCleanUpTool herunter.
  • Schließe alle offenen Programme.
  • Rechtsklicke auf die TBCleanUp.bat und wähle Als Administrator ausführen.
  • Solltest du die Meldung "Der Computer wurde durch Windows geschützt" erhalten, klicke auf Weitere Informationen und dann auf Trotzdem ausführen.
  • Es öffnet sich ein schwarzes Fenster der Kommandozeile.
  • Drücke eine beliebige Taste, um den Entfernungsprozess zu starten.
  • Am Ende wird dein Rechner automatisch neu gestartet.
Hinweis:
Das TBCleanUpTool entfernt die verwendeten Programme, die Quarantäne unserer Scanner und löscht sich abschließend selbst.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, die du nicht mehr verwenden möchtest, kannst du diese über die Systemsteuerung deinstallieren.










Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc

Wenn Du möchtest, kannst Du hier sagen, ob du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:
Vielleicht möchtest du das Forum mit einer kleinen Spende https://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

Hinweise:
Bitte gib mir eine kurze Rückmeldung, sobald alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.


Wichtige Tipps und Hinweise zur Absicherung deines Computers findest du hier:


Lesestoff:
Anleitung: Maßnahmen zur Absicherung des Rechners

dirk_92 09.01.2019 13:57
Step 1 - fixlog
 
Hallo Matthias,
das letzte fixlog ist erfolgreich durchgelaufen:

Code:
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 09.01.2019
durchgeführt von Admin (09-01-2019 13:15:13) Run:3
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin (Verfügbare Profile: Admin & Fee-Jonas & Dirk)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]
DeleteKey: HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
DeleteQuarantine:
Reboot:

*****************

HKLM\System\CurrentControlSet\Services\APXACC => erfolgreich entfernt
APXACC => Dienst erfolgreich entfernt
HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => erfolgreich entfernt
"C:\FRST\Quarantine" => erfolgreich entfernt


Das System musste neu gestartet werden.

==== Ende von Fixlog 13:15:13 ====
Danke für Deine Unterstützung!

M-K-D-B 09.01.2019 16:26
Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:55 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131