|
Log-Analyse und Auswertung: Win 10 Rogue.953320 MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
01.03.2016, 09:54 | #1 |
| Win 10 Rogue.953320 Malware Hallo, mein AVIRA hat seit einigen Tagen einen Fund der "Rogue.953320" Malware gemeldet (s. Log). Daraufhin habe ich auch MBAM laufen lassen. Leider konnte die infizierte Datei nicht umbenannt/gelöscht werden. Mit jedem Suchlauf von AVIRA wurden mehr infizierte Dateien gefunden. Nach mehreren kompletten Suchläufen durch AVIRA wechselte ich die Strategie: Ich habe dann einen kompletten Suchlauf über die Recovery CD von AVIRA gefahren. Jetzt konnte die infizierte Datei umbenannt werden (irgendwas.vir). Leider war das Problem beim ersten Suchlauf nach dem Hochfahren des Win10 Systems wieder präsent. Ich brauche jetzt eure Hilfe, da ich an meiner Dissertation arbeite und Angst habe es könnte irgendwas passieren.. Hier die LOGS von AVIRA, MBAM und FRST Vielen Dank für eure Hilfe! Code:
ATTFilter Antivirus Pro Erstellungsdatum der Reportdatei: Dienstag, 1. März 2016 09:01 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : XXXXXXXX Seriennummer : XXXXXXXX Plattform : Windows 10 Home Windowsversion : (plain) [10.0.10586] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : EARTH1 Versionsinformationen: build.dat : 15.0.15.141 93076 Bytes 17.02.2016 08:41:00 AVSCAN.EXE : 15.0.15.133 1202864 Bytes 20.02.2016 18:32:43 AVSCANRC.DLL : 15.0.15.137 66208 Bytes 20.02.2016 18:32:43 LUKE.DLL : 15.0.15.133 69248 Bytes 20.02.2016 18:32:46 AVSCPLR.DLL : 15.0.15.133 106352 Bytes 20.02.2016 18:32:43 REPAIR.DLL : 15.0.15.133 493608 Bytes 20.02.2016 18:32:42 repair.rdf : 1.0.14.98 1559068 Bytes 29.02.2016 17:05:24 AVREG.DLL : 15.0.15.133 345344 Bytes 20.02.2016 18:32:42 avlode.dll : 15.0.15.133 700712 Bytes 20.02.2016 18:32:42 avlode.rdf : 14.0.5.32 93671 Bytes 26.02.2016 10:03:33 XBV00006.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00007.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00008.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00009.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00010.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00011.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00012.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00013.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00014.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00015.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00016.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00017.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00018.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00019.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00020.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00021.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00022.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00023.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00024.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00025.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00026.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00027.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00028.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00029.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00030.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00031.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00032.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00033.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00034.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00035.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00036.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00037.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00038.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00039.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00040.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00041.VDF : 8.12.37.66 2048 Bytes 17.12.2015 14:30:15 XBV00064.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:44 XBV00065.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00066.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00067.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00068.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00069.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00070.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00071.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00072.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00073.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00074.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00075.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00076.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00077.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00078.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00079.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00080.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00081.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00082.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00083.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00084.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00085.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00086.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00087.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00088.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00089.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00090.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00091.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00092.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00093.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00094.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00095.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00096.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00097.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00098.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00099.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00100.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00101.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00102.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00103.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00104.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00105.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00106.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00107.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00108.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00109.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00110.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00111.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00112.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00113.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00114.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00115.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00116.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00117.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00118.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00119.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00120.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00121.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00122.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00123.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00124.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00125.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:45 XBV00126.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00127.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00128.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00129.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00130.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00131.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00132.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00133.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00134.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00135.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00136.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00137.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00138.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00139.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00140.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00141.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00142.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00143.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00144.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00145.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00146.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00147.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00148.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00149.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00150.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00151.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00152.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00153.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00154.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00155.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00156.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00157.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00158.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00159.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00160.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00161.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00162.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00163.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00164.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00165.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00166.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00167.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00168.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00169.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00170.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00171.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00172.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00173.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00174.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00175.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00176.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00177.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00178.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00179.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00180.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00181.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00182.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00183.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:46 XBV00184.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00185.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00186.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00187.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00188.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00189.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00190.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00191.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00192.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00193.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00194.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00195.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00196.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00197.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00198.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00199.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00200.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00201.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00202.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00203.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00204.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00205.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00206.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00207.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00208.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00209.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00210.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00211.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00212.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00213.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00214.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00215.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00216.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00217.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00218.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00219.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00220.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00221.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00222.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00223.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00224.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00225.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00226.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00227.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00228.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00229.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00230.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00231.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00232.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00233.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00234.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00235.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00236.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00237.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00238.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00239.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00240.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00241.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00242.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00243.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:47 XBV00244.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:48 XBV00245.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:48 XBV00246.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:48 XBV00247.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:48 XBV00248.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:48 XBV00249.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:48 XBV00250.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:48 XBV00251.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:48 XBV00252.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:48 XBV00253.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:48 XBV00254.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:48 XBV00255.VDF : 8.12.62.184 2048 Bytes 26.02.2016 09:29:48 XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 15:12:48 XBV00001.VDF : 7.11.237.0 48041984 Bytes 02.06.2015 14:30:10 XBV00002.VDF : 7.12.37.36 16452096 Bytes 17.12.2015 14:30:15 XBV00003.VDF : 8.12.44.142 3948032 Bytes 09.01.2016 15:12:18 XBV00004.VDF : 8.12.52.208 4036096 Bytes 02.02.2016 11:52:55 XBV00005.VDF : 8.12.62.184 2779136 Bytes 26.02.2016 09:29:44 XBV00042.VDF : 8.12.62.186 8192 Bytes 26.02.2016 09:29:44 XBV00043.VDF : 8.12.62.188 8704 Bytes 26.02.2016 09:29:44 XBV00044.VDF : 8.12.62.190 8704 Bytes 26.02.2016 09:29:44 XBV00045.VDF : 8.12.62.192 8704 Bytes 26.02.2016 09:29:44 XBV00046.VDF : 8.12.62.200 38400 Bytes 27.02.2016 13:20:41 XBV00047.VDF : 8.12.62.202 30720 Bytes 27.02.2016 15:20:41 XBV00048.VDF : 8.12.62.204 2048 Bytes 27.02.2016 15:20:41 XBV00049.VDF : 8.12.62.218 2048 Bytes 27.02.2016 15:20:41 XBV00050.VDF : 8.12.62.232 17408 Bytes 27.02.2016 15:20:41 XBV00051.VDF : 8.12.62.246 69632 Bytes 28.02.2016 11:05:11 XBV00052.VDF : 8.12.63.4 8192 Bytes 28.02.2016 11:05:11 XBV00053.VDF : 8.12.63.6 2048 Bytes 28.02.2016 11:05:11 XBV00054.VDF : 8.12.63.34 16384 Bytes 28.02.2016 11:05:11 XBV00055.VDF : 8.12.63.48 70144 Bytes 29.02.2016 11:05:12 XBV00056.VDF : 8.12.63.64 2048 Bytes 29.02.2016 11:05:12 XBV00057.VDF : 8.12.63.80 13312 Bytes 29.02.2016 11:05:12 XBV00058.VDF : 8.12.63.94 9216 Bytes 29.02.2016 11:05:12 XBV00059.VDF : 8.12.63.96 9216 Bytes 29.02.2016 11:05:12 XBV00060.VDF : 8.12.63.98 7680 Bytes 29.02.2016 13:05:11 XBV00061.VDF : 8.12.63.100 10240 Bytes 29.02.2016 13:05:11 XBV00062.VDF : 8.12.63.108 39936 Bytes 29.02.2016 19:05:24 XBV00063.VDF : 8.12.63.122 30208 Bytes 29.02.2016 21:05:24 LOCAL000.VDF : 8.12.63.122 144260096 Bytes 29.02.2016 21:05:34 Engineversion : 8.3.36.30 AEBB.DLL : 8.1.3.0 59296 Bytes 20.11.2015 15:23:32 AECORE.DLL : 8.3.9.0 249920 Bytes 12.11.2015 18:13:29 AEDROID.DLL : 8.4.3.348 1800104 Bytes 06.11.2015 12:06:12 AEEMU.DLL : 8.1.3.6 404328 Bytes 20.11.2015 15:23:32 AEEXP.DLL : 8.4.2.144 289920 Bytes 25.12.2015 09:38:39 AEGEN.DLL : 8.1.8.34 494440 Bytes 26.02.2016 10:03:33 AEHELP.DLL : 8.3.2.10 284584 Bytes 15.02.2016 11:54:47 AEHEUR.DLL : 8.1.4.2192 10129472 Bytes 25.02.2016 12:17:09 AEMOBILE.DLL : 8.1.8.10 301936 Bytes 26.11.2015 14:32:22 AEOFFICE.DLL : 8.3.1.104 446528 Bytes 26.02.2016 10:03:33 AEPACK.DLL : 8.4.2.8 804776 Bytes 23.02.2016 14:51:44 AERDL.DLL : 8.2.1.38 813928 Bytes 06.11.2015 12:06:12 AESBX.DLL : 8.2.21.2 1629032 Bytes 06.11.2015 12:06:12 AESCN.DLL : 8.3.4.2 142184 Bytes 22.01.2016 13:07:22 AESCRIPT.DLL : 8.3.0.42 571304 Bytes 26.02.2016 10:03:33 AEVDF.DLL : 8.3.3.2 141216 Bytes 10.02.2016 08:29:11 AVWINLL.DLL : 15.0.15.133 28632 Bytes 20.02.2016 18:32:39 AVPREF.DLL : 15.0.15.133 55864 Bytes 20.02.2016 18:32:42 AVREP.DLL : 15.0.15.133 224352 Bytes 20.02.2016 18:32:42 AVARKT.DLL : 15.0.15.133 231032 Bytes 20.02.2016 18:32:41 AVEVTLOG.DLL : 15.0.15.133 201600 Bytes 20.02.2016 18:32:41 SQLITE3.DLL : 15.0.15.133 461672 Bytes 20.02.2016 18:32:47 AVSMTP.DLL : 15.0.15.133 81152 Bytes 20.02.2016 18:32:43 NETNT.DLL : 15.0.15.133 18792 Bytes 20.02.2016 18:32:46 CommonImageRc.dll: 15.0.15.133 4308784 Bytes 20.02.2016 18:32:39 CommonTextRc.dll: 15.0.15.133 69816 Bytes 20.02.2016 18:32:39 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: G:\Avira\Antivirus\TEMP\AVGUARD_56d54a24\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: Reparieren Sekundäre Aktion......................: Quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Abweichende Archivtypen...............: +, +, +, +, +, +, +, +, Makrovirenheuristik...................: ein Dateiheuristik........................: Vollständig Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+SPR, Beginn des Suchlaufs: Dienstag, 1. März 2016 09:01 Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'dwm.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '213' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'nvxdsync.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnagent.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'dashost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '94' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '124' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'Avira.ServiceHost.exe' - '120' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'cjpcsc.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'SkypeC2CPNRSvc.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'SkypeC2CAutoUpdateSvc.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'mqsvc.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'WDDriveService.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'AdAwareService.exe' - '116' Modul(e) wurden durchsucht Durchsuche Prozess 'OfficeClickToRun.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamscheduler.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'WDBackupEngine.exe' - '108' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'SMSvcHost.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'SMSvcHost.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'avmailc7.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'avwebg7.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'sihost.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhostw.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '252' Modul(e) wurden durchsucht Durchsuche Prozess 'RemindersServer.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'SkypeHost.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'RuntimeBroker.exe' - '147' Modul(e) wurden durchsucht Durchsuche Prozess 'ShellExperienceHost.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchUI.exe' - '172' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleCrashHandler.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleCrashHandler64.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'nvtray.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'RtkNGUI64.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'ProfilerU.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'SaiMfd.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'AdAwareTray.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'iCloudServices.exe' - '107' Modul(e) wurden durchsucht Durchsuche Prozess 'ApplePhotoStreams.exe' - '116' Modul(e) wurden durchsucht Durchsuche Prozess 'APSDaemon.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'fontdrvhost.exe' - '8' Modul(e) wurden durchsucht Durchsuche Prozess 'iPodService.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'iCloudDrive.exe' - '101' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleIEDAV.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'Skype.exe' - '150' Modul(e) wurden durchsucht Durchsuche Prozess 'CCleaner64.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'OneDrive.exe' - '109' Modul(e) wurden durchsucht Durchsuche Prozess 'onenotem.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '118' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '209' Modul(e) wurden durchsucht Durchsuche Prozess 'BrMfcWnd.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'BrMfimon.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'winampa.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'acrotray.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnui.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'Agile1pAgent.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'HORNETDRIVE.exe' - '92' Modul(e) wurden durchsucht Durchsuche Prozess 'MsoSync.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'WDDMStatus.exe' - '92' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'Avira.Systray.exe' - '139' Modul(e) wurden durchsucht Durchsuche Prozess 'CSISYNCCLIENT.EXE' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '105' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'OUTLOOK.EXE' - '192' Modul(e) wurden durchsucht Durchsuche Prozess 'NOTEPAD.EXE' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'mbam.exe' - '115' Modul(e) wurden durchsucht Durchsuche Prozess 'WINWORD.EXE' - '143' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '127' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '114' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '112' Modul(e) wurden durchsucht Durchsuche Prozess 'update.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'updrgui.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'update.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '96' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '35' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp000019ff' [INFO] RepairMalware: Disinfection of malware TR/Rogue.953320 needs a reboot to complete [INFO] RepairMalware: Disinfection of malware TR/Rogue.953320 needs the rescue cd to complete C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp000019ff [FUND] Ist das Trojanische Pferd TR/Rogue.953320 [HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! [HINWEIS] Die Datei existiert nicht! Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a01' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a01 konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a03' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a03 konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a05' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a05 konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a07' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a07 konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a09' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a09 konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a0b' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a0b konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a0d' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a0d konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a0f' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a0f konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a11' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a11 konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a1b' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a1b konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a1d' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a1d konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a2e' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a2e konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a3f' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a3f konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a41' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a41 konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Beginne mit der Suche in 'C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a43' Der zu durchsuchende Pfad C:\Windows\Temp\ed9c7e94-4347-4785-a1ab-3bc270a98753\tmp000001b3\tmp00001a43 konnte nicht geöffnet werden! Systemfehler [2]: Das System kann die angegebene Datei nicht finden. Ende des Suchlaufs: Dienstag, 1. März 2016 09:04 Benötigte Zeit: 01:45 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 2350 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 2349 Dateien ohne Befall 156 Archive wurden durchsucht 0 Warnungen 1 Hinweise 223361 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 01.03.2016 Suchlaufzeit: 09:15 Protokolldatei: MBAM0103.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2016.03.01.02 Rootkit-Datenbank: v2016.02.27.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: XXXXX Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 558066 Abgelaufene Zeit: 11 Min., 12 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016 durchgeführt von XXXXXX (Administrator) auf EARTH1 (01-03-2016 09:33:32) Gestartet von I:\PinheiroLLB\Downloads Geladene Profile: XXXXXX & (Verfügbare Profile:XXXXXX & UpdatusUser & Annabelle) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Malwarebytes) G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Dropbox, Inc.) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Nullsoft, Inc.) G:\Program Files (x86)\Winamp\winampa.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (AgileBits) G:\Program Files (x86)\1Password 4\Agile1pAgent.exe (antispameurope GmbH) C:\Program Files (x86)\HORNETDRIVE\HORNETDRIVE.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Malwarebytes) G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (AgileBits) G:\Program Files (x86)\1Password 4\1Password.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor) HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-09-04] (Saitek) HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-09-04] (Saitek) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.) HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] () HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [804168 2016-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [WinampAgent] => G:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.) HKLM-x32\...\Run: [Agile1pAgent] => G:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4882360 2016-02-23] (AgileBits) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761056 2015-12-17] (Adobe Systems Incorporated) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [SkyDrive] => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-03-21] (Microsoft Corporation) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Dropbox Update] => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761056 2015-12-17] (Adobe Systems Incorporated) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SkyDrive] => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-03-21] (Microsoft Corporation) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761056 2015-12-17] (Adobe Systems Incorporated) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SkyDrive] => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-03-21] (Microsoft Corporation) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Dropbox Update] => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761056 2015-12-17] (Adobe Systems Incorporated) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [SkyDrive] => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-03-21] (Microsoft Corporation) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Dropbox Update] => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd) HKU\S-1-5-21-942671010-3624539665-887436449-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation) HKU\S-1-5-21-942671010-3624539665-887436449-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation) HKU\S-1-5-21-942671010-3624539665-887436449-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation) HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-02-27] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-22] ShortcutTarget: Dropbox.lnk -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HORNETDRIVE starten.lnk [2015-03-27] ShortcutTarget: HORNETDRIVE starten.lnk -> C:\Program Files (x86)\HORNETDRIVE\HORNETDRIVE.exe (antispameurope GmbH) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{e3750fe7-67b0-4170-b8e0-591dd6c63e62}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-942671010-3624539665-887436449-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-942671010-3624539665-887436449-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-942671010-3624539665-887436449-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> G:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-02-23] (AgileBits) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation) BHO: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> G:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-02-23] (AgileBits) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation) BHO-x32: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-20] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-942671010-3624539665-887436449-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\PinheiroLLB\AppData\Roaming\Mozilla\Firefox\Profiles\5pzyhjcy.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-09-04] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-02-09] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-02-09] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Extension: Avira Browser Safety - C:\Users\PinheiroLLB\AppData\Roaming\Mozilla\Firefox\Profiles\5pzyhjcy.default\Extensions\abs@avira.com.xpi [2016-02-26] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-15] StartMenuInternet: FIREFOX.EXE - C:\Users\PinheiroLLB\Documents\Firefox Browser\App\Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-01] CHR Extension: (Google Docs) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-01] CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-01-22] CHR Extension: (Google Drive) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01] CHR Extension: (YouTube) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01] CHR Extension: (Google Search) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01] CHR Extension: (Adobe Acrobat) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-10] CHR Extension: (Google Sheets) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-01] CHR Extension: (iCloud Bookmarks) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-11-01] CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-01] CHR Extension: (Avira Browser Safety) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-23] CHR Extension: (Google Docs Offline) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20] CHR Extension: (Mailvelope) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-02-25] CHR Extension: (Chrome Web Store Payments) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01] CHR Extension: (Gmail) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08] CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2016-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2016-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2016-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1417592 2016-02-20] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation) R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert] R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] () R2 MBAMScheduler; G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-01-26] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 StarMoney 8.0 OnlineUpdate; G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2016-01-16] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146704 2016-02-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-01-16] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2016-01-16] (Avira Operations GmbH & Co. KG) S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [155912 2015-12-09] (BitDefender LLC) R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-08-31] (Paragon Software Group) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-01] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) R3 SaiH0461; C:\Windows\system32\DRIVERS\SaiH0461.sys [171144 2007-05-01] (Saitek) S3 SaiH0763; C:\Windows\system32\DRIVERS\SaiH0763.sys [176640 2007-07-18] (Saitek) R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [24680 2012-09-05] (Saitek) R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52200 2012-09-05] (Saitek) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.) S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) U3 idsvc; kein ImagePath U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-01 09:31 - 2016-03-01 09:32 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Rouge Malware 2016-02-29 21:40 - 2016-02-29 21:40 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-02-29 21:39 - 2016-02-29 21:41 - 00198726 _____ C:\WINDOWS\ntbtlog.txt 2016-02-29 21:21 - 2016-02-29 21:21 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Avira-Scout 2016-02-29 21:20 - 2016-02-29 21:21 - 00002353 _____ C:\Users\PinheiroLLB\Desktop\Avira Scout.lnk 2016-02-29 21:20 - 2016-02-29 21:20 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira 2016-02-29 21:20 - 2016-02-29 21:20 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Package Cache 2016-02-27 14:20 - 2016-02-27 14:20 - 00000000 ____D C:\Users\PinheiroLLB\SkyDrive 2016-02-27 12:01 - 2016-02-27 12:01 - 00000831 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-02-27 11:53 - 2016-02-27 11:56 - 00000000 ____D C:\AVZ 2016-02-27 10:46 - 2016-02-27 10:46 - 00000000 _____ C:\Users\PinheiroLLB\Desktop\Neues Textdokument (3).txt 2016-02-22 13:39 - 2016-02-22 18:27 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Dokumente 2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-02-13 16:52 - 2016-02-13 16:52 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Glasgow UB Box 2016-02-12 09:05 - 2016-02-12 09:05 - 00143554 _____ C:\Users\PinheiroLLB\Desktop\CCR12022016_00000.pdf 2016-02-12 08:46 - 2016-02-12 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2016-02-12 08:46 - 2016-02-12 08:46 - 00000000 ____D C:\Program Files\Common Files\Lavasoft 2016-02-11 12:34 - 2016-02-11 12:34 - 00000949 _____ C:\Users\Public\Desktop\King's Quest II.lnk 2016-02-11 12:34 - 2016-02-11 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGD Interactive 2016-02-10 12:43 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-02-10 12:43 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-02-10 12:43 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-02-10 12:43 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-02-10 12:43 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-02-10 12:43 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-02-10 12:43 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-02-10 12:43 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-02-10 12:43 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-02-10 12:43 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-02-10 12:43 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-02-10 12:43 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-02-10 12:43 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-02-10 12:43 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe 2016-02-10 12:43 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-02-10 12:43 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-02-10 12:43 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-02-10 12:43 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-02-10 12:43 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-02-10 12:43 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-02-10 12:43 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe 2016-02-10 12:43 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-02-10 12:43 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-02-10 12:43 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-02-10 12:43 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll 2016-02-10 12:43 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll 2016-02-10 12:43 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2016-02-10 12:43 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-02-10 12:43 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-02-10 12:43 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-02-10 12:43 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll 2016-02-10 12:43 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-02-10 12:43 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll 2016-02-10 12:43 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll 2016-02-10 12:43 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-02-10 12:43 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-02-10 12:43 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-02-10 12:43 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-02-10 12:43 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-02-10 12:43 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-02-10 12:43 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll 2016-02-10 12:43 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2016-02-10 12:43 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-02-10 12:43 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll 2016-02-10 12:43 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-02-10 12:43 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-02-10 12:43 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-02-10 12:43 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-02-10 12:43 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-02-10 12:43 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-02-10 12:43 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-02-10 12:43 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-02-10 12:43 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2016-02-10 12:43 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-02-10 12:43 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-02-10 12:43 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll 2016-02-10 12:43 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-02-10 12:43 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-02-10 12:43 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-02-10 12:43 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-02-10 12:43 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-02-10 12:43 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-02-10 12:43 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-02-10 12:43 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-02-10 12:43 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll 2016-02-10 10:29 - 2016-02-10 10:29 - 00002402 _____ C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-10 10:29 - 2016-02-10 10:29 - 00000000 ___RD C:\Users\Annabelle\OneDrive 2016-02-10 10:28 - 2016-02-10 10:29 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Packages 2016-02-10 10:28 - 2016-02-10 10:28 - 00000020 ___SH C:\Users\Annabelle\ntuser.ini 2016-02-10 10:28 - 2016-02-10 10:28 - 00000000 ____D C:\Users\Annabelle\AppData\Local\TileDataLayer 2016-02-10 10:28 - 2016-02-10 10:28 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Publishers 2016-02-01 09:39 - 2016-02-01 09:39 - 00000762 _____ C:\Users\PinheiroLLB\Desktop\SpeedFan.lnk 2016-02-01 09:03 - 2016-02-01 09:03 - 00000000 ____D C:\Program Files\Western Digital ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-01 09:33 - 2014-10-30 14:00 - 00000000 ____D C:\FRST 2016-03-01 09:24 - 2012-10-13 17:15 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-03-01 09:07 - 2012-10-03 14:32 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\3687D008-A3F4-44C5-9AB9-7FFCC06ABFD1.aplzod 2016-03-01 09:01 - 2012-12-09 15:26 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-01 08:57 - 2014-11-05 15:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-03-01 08:56 - 2016-01-16 12:35 - 02113870 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-03-01 08:56 - 2015-10-30 19:35 - 00898280 _____ C:\WINDOWS\system32\perfh007.dat 2016-03-01 08:56 - 2015-10-30 19:35 - 00201766 _____ C:\WINDOWS\system32\perfc007.dat 2016-03-01 08:56 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2016-03-01 08:53 - 2015-03-27 15:43 - 00000000 ___RD C:\Users\PinheiroLLB\Documents\Drives 2016-03-01 08:53 - 2015-03-27 15:42 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\HORNETDRIVE 2016-03-01 08:53 - 2014-11-05 15:21 - 00000000 ___RD C:\Users\PinheiroLLB\iCloudDrive 2016-03-01 08:53 - 2013-07-25 09:15 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Dropbox 2016-03-01 08:52 - 2012-12-09 15:26 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-01 08:51 - 2016-01-16 12:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-03-01 08:51 - 2016-01-16 12:35 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-01 08:51 - 2015-09-20 18:27 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat 2016-02-29 22:09 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-02-29 22:00 - 2014-06-03 17:32 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Skype 2016-02-29 21:20 - 2012-10-02 19:08 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Avira 2016-02-29 20:49 - 2015-06-16 08:53 - 00001248 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA.job 2016-02-29 20:42 - 2015-06-17 13:57 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\AgileBits 2016-02-29 11:40 - 2014-12-03 14:18 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{261599DF-B78D-4986-93D8-1E134244C5C4} 2016-02-27 14:20 - 2016-01-16 12:36 - 00000000 ____D C:\Users\PinheiroLLB 2016-02-27 13:49 - 2015-06-16 08:53 - 00001196 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core.job 2016-02-27 12:31 - 2015-07-03 09:51 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Dirk Projekte 2016-02-27 12:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-27 12:01 - 2014-11-05 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-02-27 11:50 - 2016-01-16 12:47 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Packages 2016-02-27 10:38 - 2015-05-23 13:15 - 00000000 ____D C:\Program Files (x86)\StarMoney 10 2016-02-26 18:04 - 2015-03-05 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-02-26 17:54 - 2013-12-15 18:30 - 00000000 ____D C:\ProgramData\Package Cache 2016-02-26 13:54 - 2012-10-07 14:55 - 00000974 _____ C:\WINDOWS\Brpfx04a.ini 2016-02-26 12:08 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-26 12:07 - 2015-03-21 20:46 - 00000000 ___RD C:\Users\PinheiroLLB\OneDrive 2016-02-26 11:15 - 2012-10-23 14:02 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\PC-FAX TX 2016-02-25 22:48 - 2016-01-17 16:30 - 00002437 _____ C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-24 09:20 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-02-24 09:19 - 2013-10-09 12:24 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-02-22 12:03 - 2015-11-01 12:39 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-20 19:32 - 2013-03-31 20:19 - 00146704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2016-02-17 13:58 - 2016-01-16 12:32 - 00000000 ____D C:\Windows.old 2016-02-16 10:27 - 2014-06-03 17:32 - 00000000 ____D C:\ProgramData\Skype 2016-02-13 12:07 - 2014-11-05 15:21 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Apple Inc 2016-02-12 09:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache 2016-02-10 20:43 - 2016-01-16 12:47 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-02-10 17:12 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-10 12:47 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-10 12:47 - 2014-08-23 13:21 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-02-10 12:43 - 2014-08-23 13:21 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-02-10 10:29 - 2016-01-16 12:36 - 00000000 ____D C:\Users\Annabelle 2016-02-10 10:29 - 2015-08-27 16:44 - 00000000 ___RD C:\Users\Annabelle\iCloudDrive 2016-02-10 10:28 - 2015-08-27 16:36 - 00002354 _____ C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-10 10:28 - 2015-08-27 16:36 - 00002324 _____ C:\Users\Annabelle\Desktop\Google Chrome.lnk 2016-02-05 16:35 - 2015-11-26 17:38 - 00000000 ____D C:\ProgramData\RavensburgerTipToi3 2016-02-05 16:35 - 2015-11-26 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager 2016-02-05 16:34 - 2015-11-26 17:30 - 00000000 ____D C:\Users\PinheiroLLB\.oracle_jre_usage 2016-02-05 16:34 - 2014-10-09 15:32 - 00000000 ____D C:\ProgramData\RavensburgerTipToi 2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-03 17:41 - 2016-01-16 12:58 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\MicrosoftEdge 2016-02-02 13:56 - 2012-12-09 15:26 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-02 13:56 - 2012-12-09 15:26 - 00003958 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-02-01 09:39 - 2015-04-30 09:34 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo 2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\ProgramData\Western Digital 2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\Program Files\Common Files\Western Digital 2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\Program Files (x86)\Western Digital 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-06-12 14:45 - 2014-06-12 14:45 - 0038515 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR 2015-02-03 09:30 - 2015-02-03 09:41 - 0000600 _____ () C:\Users\PinheiroLLB\AppData\Local\PUTTY.RND 2013-03-31 21:56 - 2015-04-19 15:52 - 0007636 _____ () C:\Users\PinheiroLLB\AppData\Local\resmon.resmoncfg 2012-12-12 15:36 - 2013-12-11 21:20 - 0000080 _____ () C:\Users\PinheiroLLB\AppData\Local\X-Plane Installer.prf 2012-12-12 10:59 - 2014-03-15 18:34 - 0000073 _____ () C:\Users\PinheiroLLB\AppData\Local\X-Plane_drm.prf 2012-12-12 11:03 - 2012-12-26 20:13 - 0000047 _____ () C:\Users\PinheiroLLB\AppData\Local\x-plane_install_10.txt Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Users\PinheiroLLB\FSDreamTeam_GSX.reg C:\Users\PinheiroLLB\FSDreamTeam_JFK V2.reg C:\Users\PinheiroLLB\FSDreamTeam_JFK.reg C:\Users\PinheiroLLB\FSDreamTeam_KLAS.reg C:\Users\PinheiroLLB\FSDreamTeam_Los Angeles V2.reg C:\Users\PinheiroLLB\QualityWings_Ultimate 757 Collection.reg Einige Dateien in TEMP: ==================== C:\Users\Annabelle\AppData\Local\Temp\avgnt.exe C:\Users\PinheiroLLB\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-02-29 15:31 ==================== Ende von FRST.txt ============================ |
01.03.2016, 09:55 | #2 |
| Win 10 Rogue.953320 MalwareCode:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-02-2016 durchgeführt von XXXXX (2016-03-01 09:33:52) Gestartet von I:\PinheiroLLB\Downloads Windows 10 Home Version 1511 (X64) (2016-01-16 11:47:43) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-942671010-3624539665-887436449-500 - Administrator - Disabled) Annabelle (S-1-5-21-942671010-3624539665-887436449-1005 - Limited - Enabled) => C:\Users\Annabelle DefaultAccount (S-1-5-21-942671010-3624539665-887436449-503 - Limited - Disabled) Gast (S-1-5-21-942671010-3624539665-887436449-501 - Limited - Disabled) PinheiroLLB (S-1-5-21-942671010-3624539665-887436449-1000 - Administrator - Enabled) => C:\Users\PinheiroLLB UpdatusUser (S-1-5-21-942671010-3624539665-887436449-1002 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Active Sky Advanced (HKLM-x32\...\{9B091E1C-781A-4769-9A8D-9AFB6A39EBCC}) (Version: 1.00.0316 - HiFi Flightware) Ad-Aware Antivirus (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft) AdAwareInstaller (Version: 11.10.767.8917 - Lavasoft) Hidden AdAwareUpdater (Version: 11.10.767.8917 - Lavasoft) Hidden Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\{BCFB58FF-181E-472F-A9DB-827B75C1EDF7}) (Version: 12.0.4.144 - Adobe Systems, Inc) Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft) Aerosoft's - Airbus A318-A319 - PREPAR3D V2.x (HKLM-x32\...\Airbus A318-A319 - PREPAR3D V2.x) (Version: 1.00 - Aerosoft) Aerosoft's - Airbus X Extended - FSX (HKLM-x32\...\Airbus X Extended - FSX) (Version: 1.16 - Aerosoft) Aerosoft's - Airbus X Extended - PrePar3D (HKLM-x32\...\Airbus X Extended - PrePar3D) (Version: 1.16 - Aerosoft) Aerosoft's - Anchorage X (HKLM-x32\...\{3D88DF20-8778-422F-933D-4C4D74210045}) (Version: 1.00 - Aerosoft) aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: 9.2.2.0 - aerosoft) Aerosoft's - Manhattan X (HKLM-x32\...\{6ED3756D-BA23-4938-94F9-7C2BFC9B86FC}) (Version: 1.20 - Aerosoft) aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.04 - aerosoft) aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.10 - aerosoft) aerosoft's - USCitiesX - San Francisco (HKLM-x32\...\{DF91C497-0315-43F9-BB85-24D82FE5B11A}) (Version: 1.01 - aerosoft) Airbus Series 2 - Evolution Upgrade (FSX) (HKLM-x32\...\Airbus Series 2 - Evolution Upgrade (FSX)) (Version: - ) Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Airbus Series Vol.2 (FS X)) (Version: - ) Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Airbus Series Vol.2 (FS X)) (Version: - ) Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Airbus Series Vol.2 (FS X)) (Version: - ) Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Airbus Series Vol.2 (FS X)) (Version: - ) Airport Amsterdam (HKLM-x32\...\Airport Amsterdam) (Version: 1.0.0.0 - Aerosoft GmbH) Airport Zurich (HKLM-x32\...\Airport Zurich) (Version: 1.1.0.0 - Aerosoft GmbH) AivlaSoft EFB (HKLM-x32\...\AivlaSoft EFB) (Version: 1.3.7 - AivlaSoft GmbH) AlacrityPC (HKLM-x32\...\{B6D0F294-B844-4FAF-9993-FAC10E9E0F94}) (Version: 1.0.0 - Ken Salter) Amazon Kindle (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Amazon Kindle) (Version: - Amazon) Amazon Kindle (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Kindle) (Version: - Amazon) Amazon Kindle (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Amazon Kindle) (Version: - Amazon) Amazon Kindle (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Amazon Kindle) (Version: - Amazon) AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.141 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden Avira Scout (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG) Avira Scout (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG) Avira Scout (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG) Avira Scout (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG) AviraScoutMsi (x32 Version: 16.02.15.00170 - Avira Operations GmbH & Co. KG) Hidden BlackBox Simulation - Airbus Xtreme (Prologue) (HKLM-x32\...\BlackBox Simulation-Airbus Xtreme (Prologue)) (Version: 0.75.0 - BlackBox Simulation) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brother MFL-Pro Suite MFC-7440N (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.) calibre (HKLM-x32\...\{1752D07B-9BEB-414F-9B51-AA529101F0E5}) (Version: 0.9.12 - Kovid Goyal) Canon SELPHY CP800 (HKLM\...\Canon SELPHY CP800) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.) Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software) Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software) cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.) FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse) Firefox Browser (remove only) (HKLM-x32\...\Firefox Browser) (Version: - ) FlightParis Bundle (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\FlightParis Bundle) (Version: - ) FlightParis Bundle (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FlightParis Bundle) (Version: - ) FlightParis Bundle (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\FlightParis Bundle) (Version: - ) FlightParis Bundle (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\FlightParis Bundle) (Version: - ) FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden FS Global 2010 (HKLM-x32\...\FS Global 2010) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden HORNETDRIVE (HKLM-x32\...\HORNETDRIVE) (Version: 3.3.1.1086 - antispameurope GmbH) iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.) iFly Jets - The 747-400 V2 for FSX - Hotfix 1 (HKLM-x32\...\iFly Jets - The 747-400 V2 for FSX - Hotfix 1) (Version: - ) iFly Jets - The 747-400 V2 for FSX (HKLM-x32\...\iFly Jets - The 747-400 V2 for FSX) (Version: - ) iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - ) LFPN - Toussus Le Noble FSX (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\LFPN - Toussus Le Noble FSX) (Version: - ) LFPN - Toussus Le Noble FSX (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\LFPN - Toussus Le Noble FSX) (Version: - ) LFPN - Toussus Le Noble FSX (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\LFPN - Toussus Le Noble FSX) (Version: - ) LFPN - Toussus Le Noble FSX (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\LFPN - Toussus Le Noble FSX) (Version: - ) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft ESP SimConnect Client v1.0.20.0 (HKLM-x32\...\{C0A9FCC1-9725-4679-8AC2-FE501B139B63}) (Version: 1.0.20.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (HKLM-x32\...\{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}) (Version: 10.0.60905.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation) Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4797.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NavDataPro (HKLM-x32\...\NavDataPro) (Version: 1.0.1.6 - Aerosoft GmbH) NVIDIA 3D Vision Controller-Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation) NVIDIA Grafiktreiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Paragon Festplatten Manager 10 - Drive Backup (HKLM-x32\...\{F8013DD1-574B-4921-A473-88A2F7A34D16}) (Version: 90.00.0003 - Paragon Software) Paragon Festplatten Manager 10 - Partition Manager (HKLM\...\{986A654F-F1E4-11DD-9FCA-005056C00008}) (Version: 90.00.0003 - Paragon Software) Parallels runtime modules (x32 Version: 1.00.0000 - Parallels) Hidden Parallels USB Driver (x32 Version: 6.00.23046 - Parallels) Hidden PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.) PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.) PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6061 - PMDG Simulations, LLC.) PMDG MD-11 (FSX version of COMBO) (HKLM-x32\...\{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}) (Version: 1.00.0003 - Precision Manuals Development Group) PMDGMD11X_GE_AA (HKLM-x32\...\{ABB4DB59-0284-414D-9346-4992E1856E7F}) (Version: 1.00.0000 - Precision Manuals Development Group) PMDGMD11X_GE_LH (HKLM-x32\...\{3DB1F8B4-96A5-45B8-9C50-CB5828A0B1C6}) (Version: 1.00.0000 - Precision Manuals Development Group) PMDGMD11X_PW_SR1 (HKLM-x32\...\{E5F249B9-4A7F-482E-951D-005F47F06A43}) (Version: 1.00.0000 - Precision Manuals Development Group) PMDGMD11XF_GE_LHF (HKLM-x32\...\{93ACD680-40F5-4D37-BC07-52FD96AFDDCD}) (Version: 1.00.0000 - Precision Manuals Development Group) Prepar3D v2 Academic (HKLM-x32\...\{92B3FF8A-3C33-4EFC-850D-CF29E54292D9}) (Version: 2.4.11570.0 - Lockheed Martin) Prepar3D v2 Academic (x32 Version: 2.0.9448.0 - Lockheed Martin) Hidden Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.19 - aerosoft) RAAS Professional by FS2Crew (LOCKED) (HKLM-x32\...\RAAS Professional by FS2Crew (LOCKED)) (Version: - ) Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.) REX Essential Plus Overdrive (HKLM-x32\...\{9F30A684-44DC-4BDF-89ED-70F9021B851F}) (Version: 3.5.2012.1029 - REX Game Studios) SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.) SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.) SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.) SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.) Sigel Beschriftungs-Software für Überweisung und Lastschrift (HKLM-x32\...\Sigel Beschriftungs-Software für Überweisung und Lastschrift) (Version: - ) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.) Smart Technology Programming Software 7.0.19.4 (HKLM\...\{1970C821-567B-415F-982C-134CB8FB8DAA}) (Version: 7.0.19.4 - Mad Catz) SnapAPI (x32 Version: 4.2.709 - Acronis) Hidden SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden StarMoney 10 (HKLM-x32\...\{86B730BC-FFDF-4B50-9127-851A6F152A68}) (Version: 10 - Star Finanz GmbH) StarMoney 8.0 (HKLM-x32\...\{EF2BE7ED-FE44-49B4-A6C3-919CE4790FDE}) (Version: 8.0 - Star Finanz GmbH) Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version: - ) Streamripper Plugin 1.61.27 (Remove only) (HKLM-x32\...\Streamripper.Plugin) (Version: - ) sv.net (HKLM-x32\...\sv.net) (Version: 15.0 - ITSG GmbH) syngo fastView (HKLM-x32\...\{4CF46E90-60EC-4177-9BE7-5F4BE89BC2E7}) (Version: VX57L38 - Siemens MedSW) tiptoi® Manager 3.0.9 (HKLM-x32\...\9978-5763-2995-5228) (Version: 3.0.9 - Ravensburger AG) TOPCAT 2.74 Beta 1 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.74 Beta 1 - FSS GmbH) UK2000 Heathrow Xtreme FSX (HKLM-x32\...\UK2000 Heathrow Xtreme FSX) (Version: 3.0 - UK2000 Scenery) Ultimate Terrain X - Europe (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Ultimate Terrain X - Europe) (Version: - ) Ultimate Terrain X - Europe (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Ultimate Terrain X - Europe) (Version: - ) Ultimate Terrain X - Europe (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Ultimate Terrain X - Europe) (Version: - ) Ultimate Terrain X - Europe (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Ultimate Terrain X - Europe) (Version: - ) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) vroute.info premium - 1 (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\b4d9024f4f0aca8c) (Version: 2.1.0.8 - vroute) vroute.info premium - 1 (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\b4d9024f4f0aca8c) (Version: 2.1.0.8 - vroute) vroute.info premium - 1 (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\b4d9024f4f0aca8c) (Version: 2.1.0.8 - vroute) vroute.info premium - 1 (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\b4d9024f4f0aca8c) (Version: 2.1.0.8 - vroute) vroute.info premium (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\e16201be0cba039f) (Version: 2.0.7.6 - vroute) vroute.info premium (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\e16201be0cba039f) (Version: 2.0.7.6 - vroute) vroute.info premium (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\e16201be0cba039f) (Version: 2.0.7.6 - vroute) vroute.info premium (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\e16201be0cba039f) (Version: 2.0.7.6 - vroute) WD Quick View (HKLM-x32\...\{4D0776BB-71B7-49A2-A439-24791A4620E1}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{37BF2365-3EC7-45E4-9D88-61489F932A0B}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{4C810612-124B-4610-93ED-EF7357EA3EDC}) (Version: 21.00.8480 - Buhl Data Service GmbH) X-FMC (HKLM-x32\...\{D215611B-8A8A-4914-9C23-2EF36D8926CF}) (Version: 2.02 - X-FMC) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {02D25461-8A94-4339-A4D5-72C73FD06B6C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {0F573DF1-69F4-4F53-BFBA-5FC40A9A94B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd) Task: {1532C4A2-9F69-4730-90F8-87E7A44A77EB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG Task: {1ED0FEE3-A4D0-4AF9-AAD3-505787FD7706} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {24C3E746-6452-459A-9E93-1D4A301F67D8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {24FE594B-CC16-4D77-9ED0-7C8E004CD7C2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {25C56614-3CEB-425E-B763-7EC3A508A8AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {2890FDBB-5547-411D-B472-DDE879ADECF1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe Task: {33CC8B4F-0F03-4A72-9D9B-A4E7A5401D58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {3C8E7229-112A-4E9D-95CD-B4653A68A123} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {42DFD782-7241-449A-9C16-3000CE033C0A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {450FDACD-9D90-47E7-BADD-C82B624584E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {4B09F0D2-A506-4779-9266-C98EA768DA2C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {4E59ED50-C5D8-4246-B1B7-C6ADB65E1BBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {4F953E1E-7E9C-4C24-AF6C-86D67D0CDE06} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {5749FA15-E717-4A30-B3C4-9BACA05290F3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {594C849D-DC95-4323-8508-0708E7A37F53} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {5BD7EE29-8843-48EB-A95A-6EA3038E324B} - System32\Tasks\{00710EDC-947D-4257-A20C-2F1780679420} => pcalua.exe -a C:\Users\PinheiroLLB\Downloads\HiJackThis204.exe -d C:\Users\PinheiroLLB\Downloads Task: {5F1EEA42-3777-40A9-8848-E702D088879E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {5F9C8D7F-FFD1-424B-9A3B-28358D50D00A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {6022AE36-967A-4366-A241-0B17AECD3994} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {63036FEE-3754-4790-89F4-1ED53D884167} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {68EE2EE5-CEE9-4781-8896-8CCACB349052} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {6E49DF11-B1BF-4839-B13B-43D9265A4662} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation) Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs Task: {72F91625-792E-40F4-AFDE-2057734E5437} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {772513A8-461E-40B1-87E1-4D62F8FABC73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.) Task: {7E0C0633-D75D-4E6A-AE88-7D42E6BB5D2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.) Task: {8632EC4F-0DF6-4982-A891-19549646C625} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG Task: {8C7F210B-7703-4060-A8DC-CBD99340D288} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {8CFC4F80-28AD-4DCB-9F59-BDB30B2DA204} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {93738455-319D-416A-B75D-67EA051F549C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {99D23324-7E7F-440F-84AE-619A09734666} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {9B3BF89F-8FEB-485D-9B24-A0A9B726B7AA} - System32\Tasks\{F52C3292-A378-48F7-A667-A31DC6B87BB1} => pcalua.exe -a C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall Task: {A798075D-9298-4A5C-8106-5A9354F2C71D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {B1F34822-C928-4172-BEC2-E216460AD834} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation) Task: {B49948F7-0663-4509-8CA6-74FD32D92D78} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {B57A3EAC-F055-412B-BC48-A3BCFD9A5CB1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {B6493125-CB5A-44E4-8066-2A83AEA5FC4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.) Task: {B9659609-4FBC-4382-83CF-A12B9611AA77} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {C1D527F1-8D21-4B03-96A2-9933D46769E2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {CB89D200-0D95-4C40-A985-BB43DDC565C3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {CBCB9AF3-FFCB-4AA5-9056-60961A31B62A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {CE93E2C0-739D-4B04-B488-81855FD931D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation) Task: {D2CCA1E3-A332-44F1-9A9A-4A1504CAA72E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {D7E167E5-6342-4269-86B4-3A08BD29135A} - System32\Tasks\{955920E4-E7F9-47CF-94C4-F8E6A61CB687} => pcalua.exe -a E:\.\windows\setup.exe -d E:\ -c .\windows Task: {DC69A008-8069-4715-B7E8-FB5259456527} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {DDCC7B16-F1DF-42C3-A419-6F0CE2D85D11} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation) Task: {E841B6A3-96C0-4E06-8611-A489C577F14A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs Task: {EAE387B3-2F6F-42BD-8A03-CF8A8B0EA352} - System32\Tasks\Western Digital\SmartWare\____Volume_cdbdcca7_0ca1_11e2_be20_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a93953b9_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.) Task: {F544E0DA-E797-45D4-A13A-609AFD9B3E99} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {FE2F7AF1-CDDD-4CB5-ACBF-B8D6C2318E16} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core.job => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA.job => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-01-16 12:35 - 2015-08-07 01:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2012-10-07 14:55 - 2005-04-22 12:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll 2016-01-28 16:44 - 2016-01-28 16:44 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe 2016-01-28 16:48 - 2016-01-28 16:48 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_system-vc120-mt-1_57.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_date_time-vc120-mt-1_57.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_filesystem-vc120-mt-1_57.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 11674360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareServiceKernel.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\RCF.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_regex-vc120-mt-1_57.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_thread-vc120-mt-1_57.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_chrono-vc120-mt-1_57.dll 2016-01-28 16:47 - 2016-01-28 16:47 - 00973040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareActivation.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00561920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareApplicationUpdater.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareGamingMode.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareReset.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTime.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01030912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdater.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdaterScheduler.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIgnoreList.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareQuarantine.dll 2016-01-28 16:47 - 2016-01-28 16:47 - 01594624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiMalwareEngine.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiRootkitEngine.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerHistory.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01373928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScanner.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_timer-vc120-mt-1_57.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01019640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerScheduler.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtection.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 02547448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIncompatibles.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01489640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiSpam.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01437424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiPhishing.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareParentalControl.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 03107576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareWebProtection.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareEmailProtection.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_iostreams-vc120-mt-1_57.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01878784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNetworkProtection.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01024744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePromo.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00457448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareFeedback.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareThreatWorkAlliance.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01310952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePinCode.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01027304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNotice.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01563888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAvcEngine.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtectionHistory.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00519920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareStatistics.dll 2014-08-12 09:11 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () G:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-22 09:43 - 2016-01-22 09:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-01-16 12:32 - 2016-01-16 12:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 09581280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe 2016-01-28 16:48 - 2016-01-28 16:48 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_locale-vc120-mt-1_57.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\HtmlFramework.dll 2016-01-28 16:48 - 2016-01-28 16:48 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTrayDefaultSkin.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-01-29 17:25 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-01-29 17:25 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll 2015-10-30 08:18 - 2015-10-30 19:44 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node 2015-10-30 08:18 - 2015-10-30 19:43 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node 2016-02-09 10:47 - 2016-02-09 10:47 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-02-09 10:47 - 2016-02-09 10:47 - 14869504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-01-16 13:26 - 2016-01-16 13:27 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2016-02-25 09:04 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll 2013-02-13 13:23 - 2011-01-13 10:44 - 00232800 _____ () G:\Program Files (x86)\StarMoney 8.0\ouservice\PATCHW32.dll 2016-01-22 09:43 - 2016-01-22 09:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-01-22 09:43 - 2016-01-22 09:43 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-04-13 13:16 - 2016-02-23 09:48 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2015-12-13 10:50 - 2016-01-12 19:44 - 00034768 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2016-02-22 11:48 - 2016-01-12 19:45 - 00019408 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2015-12-13 10:50 - 2016-01-12 19:44 - 00116688 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2015-12-13 10:50 - 2016-01-12 19:44 - 00093640 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2015-12-13 10:50 - 2016-01-12 19:44 - 00018376 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\select.pyd 2015-12-13 10:50 - 2016-02-16 19:39 - 00019760 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2015-12-13 10:50 - 2016-01-12 19:46 - 00105928 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32api.pyd 2015-12-13 10:50 - 2016-01-12 19:44 - 00392144 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2015-12-13 10:50 - 2016-02-16 19:39 - 00381752 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2015-12-13 10:50 - 2016-01-12 19:44 - 00692688 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2016-02-22 11:48 - 2016-02-16 19:38 - 00020816 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2015-12-13 10:50 - 2016-01-12 19:45 - 00112592 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2016-02-22 11:48 - 2016-02-16 19:38 - 01682760 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2016-02-22 11:48 - 2016-02-16 19:38 - 00020808 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2015-12-13 10:50 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd 2015-12-13 10:50 - 2016-02-16 19:39 - 00021840 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-02-22 11:48 - 2016-02-16 19:39 - 00038696 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\fastpath.pyd 2016-02-22 11:48 - 2016-01-12 19:46 - 00020936 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2015-12-13 10:50 - 2016-01-12 19:46 - 00024528 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32event.pyd 2015-12-13 10:50 - 2016-01-12 19:47 - 00114640 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32security.pyd 2015-12-13 10:50 - 2016-01-12 19:46 - 00124880 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-02-22 11:48 - 2016-02-16 19:39 - 00021832 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 2015-12-13 10:50 - 2016-01-12 19:46 - 00024016 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2015-12-13 10:50 - 2016-01-12 19:46 - 00175560 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32gui.pyd 2015-12-13 10:50 - 2016-01-12 19:47 - 00030160 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2015-12-13 10:50 - 2016-01-12 19:47 - 00043472 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32process.pyd 2015-12-13 10:50 - 2016-01-12 19:47 - 00028616 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32ts.pyd 2015-12-13 10:50 - 2016-01-12 19:47 - 00048592 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32service.pyd 2016-02-22 11:48 - 2016-02-16 19:39 - 00026456 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2015-12-13 10:50 - 2016-01-12 19:46 - 00057808 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2015-12-13 10:50 - 2016-01-12 19:47 - 00024016 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\win32profile.pyd 2016-02-22 11:48 - 2016-02-16 19:38 - 00117056 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2016-02-22 11:48 - 2016-02-16 19:39 - 00024392 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2016-02-22 11:48 - 2016-01-12 19:47 - 00036296 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\librsync.dll 2016-02-22 11:48 - 2016-02-16 19:39 - 00031568 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd 2016-02-22 11:48 - 2015-11-05 01:04 - 00293392 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll 2015-12-13 10:50 - 2016-02-16 19:39 - 00023376 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-13 10:50 - 2016-01-12 19:44 - 00134608 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2015-12-13 10:50 - 2016-01-12 19:44 - 00134088 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2016-02-22 11:48 - 2016-01-12 19:45 - 00240584 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\jpegtran.pyd 2015-12-13 10:50 - 2016-02-16 19:39 - 00052024 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2016-02-22 11:48 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-02-22 11:48 - 2016-02-16 19:39 - 00021824 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd 2016-02-22 11:48 - 2016-02-16 19:39 - 00019776 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd 2016-02-22 11:48 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd 2016-02-22 11:48 - 2016-02-16 19:38 - 00020280 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2015-12-13 10:50 - 2016-01-12 19:47 - 00350152 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2016-02-22 11:48 - 2016-02-16 19:39 - 00022352 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2016-02-22 11:48 - 2016-02-16 19:39 - 00084792 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2015-12-13 10:50 - 2016-02-16 19:39 - 01826096 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2015-12-13 10:50 - 2016-01-12 19:45 - 00083912 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\sip.pyd 2015-12-13 10:50 - 2016-02-16 19:39 - 03928880 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2015-12-13 10:50 - 2016-02-16 19:39 - 01971504 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2015-12-13 10:50 - 2016-02-16 19:39 - 00531248 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2015-12-13 10:50 - 2016-02-16 19:39 - 00132912 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2015-12-13 10:50 - 2016-02-16 19:39 - 00223544 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2015-12-13 10:50 - 2016-02-16 19:39 - 00207672 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2016-02-22 11:48 - 2016-02-16 19:39 - 00158008 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd 2016-02-22 11:48 - 2016-02-16 19:39 - 00042808 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd 2016-02-22 11:48 - 2016-01-12 19:49 - 00017864 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\libEGL.dll 2016-02-22 11:48 - 2016-01-12 19:49 - 01631184 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-12-13 10:50 - 2016-02-16 19:39 - 00024904 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2015-12-13 10:50 - 2016-02-16 19:39 - 00546096 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2015-12-13 10:50 - 2016-02-16 19:39 - 00357680 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2015-03-04 22:45 - 2016-01-12 19:52 - 00697304 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2012-10-07 14:55 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2012-09-23 20:43 - 2012-09-23 20:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu 2015-06-17 13:56 - 2015-04-28 09:50 - 00376832 _____ () G:\Program Files (x86)\1Password 4\js3215R.dll 2014-04-13 13:18 - 2016-02-23 09:50 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2016-02-22 12:03 - 2016-02-18 05:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll 2016-02-22 12:03 - 2016-02-18 05:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:74603393 AlternateDataStreams: C:\Users\PinheiroLLB\.DS_Store:AFP_AfpInfo ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de IE trusted site: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de IE trusted site: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de IE trusted site: HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2006-11-02 13:34 - 2014-11-04 19:19 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\Windows\Themes\img17.jpg HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\Windows\Themes\img17.jpg HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\Windows\Themes\img17.jpg HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\Windows\Themes\img17.jpg HKU\S-1-5-21-942671010-3624539665-887436449-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-942671010-3624539665-887436449-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-942671010-3624539665-887436449-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-942671010-3624539665-887436449-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run32: => "ControlCenter3" HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\StartupApproved\Run: => "SkyDrive" HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "SkyDrive" HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "SkyDrive" HKU\S-1-5-21-942671010-3624539665-887436449-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "SkyDrive" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{DABF8B65-4EAD-47C6-A76A-6975F9BF0179}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{9080D6F9-11C2-4943-BD3A-590E7206B865}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{D44E990A-1C0E-471A-ABE4-396F9F7F716C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{63AB1C45-34BD-4D72-AAA9-2579C3E52970}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{1DCDF590-12BC-412B-8E4D-EB237E660A9D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{34A0857F-C12A-4857-BAF3-F3183506780C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F5F240FD-C28C-475F-8D57-12FE0409FF6E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3DF0AC30-998F-4392-BDC9-04D11149AF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{46DB165E-B162-4947-BAED-DE0F73061D82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A06FB2EB-6751-4290-8ADF-808F1F95E459}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe FirewallRules: [{3FBA1DE5-90DB-4E5B-A899-EC39324C8758}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe FirewallRules: [{7D4A5320-14D6-4D2D-AAD6-14C4E76F22EB}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{26ABC75B-081D-4BFA-9E34-D779EC269C7C}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{1517D475-0977-4EB2-A9CC-8BBF78AE57FF}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{ABFCAD0D-7E63-4FF4-A893-347D268471B0}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{7E4A4DD7-EBE8-48E1-B6FD-8541EE2E117F}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{E9E752E9-5DEE-472B-A115-6EFF96E20235}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{B8F9E71D-A404-448E-B998-EB23552B5DE0}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe FirewallRules: [{79D79628-82B0-4F24-BAB8-2CF6172C7C32}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe FirewallRules: [{4D047BB9-FA13-412E-855D-692DBFA3A480}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{BFFDFB52-BD9A-4B44-A540-2D634D7713C1}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{D84594B8-98CF-407E-9821-BED784B894CB}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{F3943234-A711-4457-ACA4-5B150D204FA8}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{5B9AEDAF-67CD-4C6B-B1A7-3930D43F85DD}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{D26CE3FE-3718-4490-BDB0-2968380BE985}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [UDP Query User{E0F078E5-80F8-432B-9BE2-6273EB952751}G:\program files (x86)\1password 4\1password.exe] => (Allow) G:\program files (x86)\1password 4\1password.exe FirewallRules: [TCP Query User{3BF9C57B-CEAB-4E39-8FA4-4F3768757B80}G:\program files (x86)\1password 4\1password.exe] => (Allow) G:\program files (x86)\1password 4\1password.exe FirewallRules: [{C1D66DB4-22F1-4051-9C54-F6B3BA25FE43}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe FirewallRules: [{0F552548-4FB8-4928-A0C4-91EB93ADF1D4}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe FirewallRules: [{BB98C012-9C7F-4C38-8F56-EE99D703B5BE}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{8630D67C-7F10-4BB6-8D44-29B9C6950C68}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{FE8617D4-1406-44EB-AD00-EC64AEFA4D78}] => (Allow) C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{D79C223F-85B8-4E9B-8DAB-E30279A3E188}] => (Allow) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{507BDD47-791E-4A45-9CA4-875E7A922369}] => (Allow) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{4C2A0F0D-84BC-46EE-9F39-67AFF1FAE1D2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{9B4613FA-3B91-4499-AA4F-95F2847B0063}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{FE01352C-66CD-45A2-8539-5E7220DEC187}] => (Allow) LPort=4500 FirewallRules: [{CF7056F1-23C0-4B24-A238-EB0C4ABB181E}] => (Allow) LPort=10000 FirewallRules: [{D85A221E-73D2-47CD-8A86-CA370C816E06}] => (Allow) LPort=500 FirewallRules: [UDP Query User{F8D61252-179D-4599-9382-7B1513B8BE84}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe FirewallRules: [TCP Query User{DB04BFEF-4A51-4A8D-95B8-4F99B034EF3C}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe FirewallRules: [UDP Query User{A9CBE811-BD24-49BF-8E15-580CF9FC98F1}H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe FirewallRules: [TCP Query User{82786FD4-1425-4C05-BE85-B725BCC2C878}H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe FirewallRules: [{D093013E-0821-41DA-83D4-6EEEFFD480B9}] => (Allow) H:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe FirewallRules: [{3A762963-6493-4B6D-9EB3-B14251B0BC95}] => (Allow) H:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe FirewallRules: [UDP Query User{5A31A57E-D4CC-4318-8FD7-A3ABE2BCA9BC}F:\program files\ivao\ivai\ivai.exe] => (Allow) F:\program files\ivao\ivai\ivai.exe FirewallRules: [TCP Query User{DDEC5E28-CC7C-4CB9-A741-3E24FE1AEED1}F:\program files\ivao\ivai\ivai.exe] => (Allow) F:\program files\ivao\ivai\ivai.exe FirewallRules: [{51038772-1D25-49D1-8BE6-3F939F655994}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{5D30B5BE-E3D4-42F1-80C9-5045A31DE548}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [UDP Query User{67AC74AE-F3E2-4095-9813-744AB8E0C987}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe FirewallRules: [TCP Query User{4B96B91D-C891-4850-BADD-529CD5EBE506}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe FirewallRules: [UDP Query User{72B00CC3-A400-41D8-A027-C8482C163A11}C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{3E711164-2730-4735-AE10-8D8E0A393D4B}C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{E28D8A5E-6ADD-43CF-8702-E18FAF86D751}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe FirewallRules: [TCP Query User{8D50B573-4756-4BC8-8EA8-8DE1E888C5E1}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe FirewallRules: [{3E31C00A-5DC9-4B81-B4C3-3710D245EF2C}] => (Allow) LPort=1900 FirewallRules: [{7220DCA1-8511-4950-B0AD-E1CCD4AF7B42}] => (Allow) LPort=2869 FirewallRules: [{36FCB705-AC62-43A4-9927-E6682197E73D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{19D68882-2617-4759-B846-B5A344854A41}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{F91326F8-3F6A-458C-AA30-F0E7F8C00319}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [UDP Query User{6B7C2993-BAA9-40BB-88E5-ECF227ACADC0}H:\x-plane 10\x-plane-32bit.exe] => (Allow) H:\x-plane 10\x-plane-32bit.exe FirewallRules: [TCP Query User{3F36C02A-F6EE-4F7D-8CF5-19B1AACBA089}H:\x-plane 10\x-plane-32bit.exe] => (Allow) H:\x-plane 10\x-plane-32bit.exe FirewallRules: [UDP Query User{D02E9227-ECD3-4C95-BCAE-7AEA76AA77BC}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe FirewallRules: [TCP Query User{DFF071A9-8E9F-4041-848E-AE65E30CC6FA}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe FirewallRules: [UDP Query User{EFAE5E0B-AB66-46BC-B914-8E5E23EAD514}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe FirewallRules: [TCP Query User{3ADA6EFB-0E17-40CE-B989-8515A78E35A7}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe FirewallRules: [{AFFA48EF-62B0-4D5B-A60A-30EEDE5D6A7C}] => (Allow) LPort=54925 FirewallRules: [{1D481604-9168-4D80-8823-E8EB9A391C0F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe FirewallRules: [{859F9BF3-5318-4FAD-8E64-B3ECF1BC1F1A}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe FirewallRules: [{858C7A23-E377-463C-9637-DF2046E41CF8}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe FirewallRules: [{5D17DB09-8083-4EE6-A9F0-31388644D735}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe FirewallRules: [{3CF72D51-4E7A-4E4D-9BAC-A9124934E19B}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{1C9BDFCE-7C41-45A9-9784-8669270E2371}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{E9D1C01F-8F2E-45F9-80A7-C5366AF5719E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EE1E4EFA-EBFF-4241-914D-5F0151A50170}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{40291CBD-534A-4967-815A-104A7910DD39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EE9F1749-47FC-4F7D-AEB9-4A1B3E664280}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{83973102-9920-47E8-8CE9-BED29C2CED10}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{445E180C-2AE7-4FEF-A1CC-248CD1C0FBB5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{EB36A764-5C91-4C27-ABFB-557AE031B835}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.) Description: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/01/2016 09:29:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x30f8 Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (03/01/2016 09:02:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Earth1) Description: Das Paket „Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy+CortanaUI“ wurde beendet, da das Anhalten zu lange dauerte. Error: (03/01/2016 08:54:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x2b08 Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (02/29/2016 10:01:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x2bac Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (02/29/2016 09:51:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x1d78 Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (02/29/2016 09:40:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Earth1) Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/29/2016 09:31:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x1118 Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (02/29/2016 09:24:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x20e8 Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (02/29/2016 07:59:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x2864 Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (02/29/2016 12:15:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x1250 Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Systemfehler: ============= Error: (03/01/2016 09:31:43 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{E3750FE7-67B0-4170-B8E0-591DD6C63E62}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/01/2016 08:54:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (03/01/2016 08:54:07 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (03/01/2016 08:51:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (02/29/2016 10:09:24 PM) (Source: DCOM) (EventID: 10010) (User: Earth1) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/29/2016 10:09:24 PM) (Source: DCOM) (EventID: 10010) (User: Earth1) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/29/2016 10:09:24 PM) (Source: DCOM) (EventID: 10010) (User: Earth1) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/29/2016 10:09:24 PM) (Source: DCOM) (EventID: 10010) (User: Earth1) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/29/2016 10:09:24 PM) (Source: DCOM) (EventID: 10010) (User: Earth1) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/29/2016 10:09:24 PM) (Source: DCOM) (EventID: 10010) (User: Earth1) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} CodeIntegrity: =================================== Date: 2016-02-24 15:10:05.810 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2016-02-24 15:10:05.732 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2016-02-11 20:17:38.658 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-11 13:53:57.982 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2016-02-11 13:53:57.883 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2016-02-11 13:50:16.716 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2016-02-11 13:50:16.665 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2016-02-10 20:43:30.427 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-10 16:47:23.601 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-01 08:57:53.482 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz Prozentuale Nutzung des RAM: 43% Installierter physikalischer RAM: 8147 MB Verfügbarer physikalischer RAM: 4570.31 MB Summe virtueller Speicher: 16339 MB Verfügbarer virtueller Speicher: 11992.02 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:118.7 GB) (Free:31.65 GB) NTFS Drive d: () (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive f: (FSX) (Fixed) (Total:244.14 GB) (Free:164 GB) NTFS Drive g: (Programme) (Fixed) (Total:48.83 GB) (Free:45.78 GB) NTFS Drive h: (XPlane) (Fixed) (Total:292.97 GB) (Free:213.16 GB) NTFS Drive i: (Data) (Fixed) (Total:345.56 GB) (Free:290.33 GB) NTFS Drive j: (Backup HD) (Fixed) (Total:931.51 GB) (Free:654.3 GB) NTFS Drive l: () (Fixed) (Total:14.9 GB) (Free:12.65 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 7DB1A4CF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7F75FE5A) Partition 1: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 14.9 GB) (Disk ID: BD941F46) Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 28FDA0DC) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
01.03.2016, 12:08 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 10 Rogue.953320 Malware moin
__________________ist das ein gewerblich genutzter Rechner?
__________________ |
01.03.2016, 12:18 | #4 |
| Win 10 Rogue.953320 Malware nein, der Firmenlaptop ist glücklicherweise clean. Es handelt sich um den Familienrechner! Wie kommst du dadrauf? vg |
01.03.2016, 13:09 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 10 Rogue.953320 Malware Deswegen: Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
01.03.2016, 13:20 | #6 |
| Win 10 Rogue.953320 Malware ach so. Als Student bekommt man diese Produkte recht günstig (Office für 10€). Hat nichts mit der Firma zu tun. Ich kann dir gerne per Email nachweise meiner beruflichen Tätigkeit erbringen, wenn du das möchtest. Die Flugsimulationssoftware deutet darauf hin ;-) |
01.03.2016, 13:21 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 10 Rogue.953320 Malware OK Bitte Avira deinstallieren. Das Teil empfehlen wir schon seit Jahren aus mehreren Gründen nicht mehr. Ein Grund ist ne rel. hohe Fehlalarmquote, der zweite Hauptgrund ist, dass die immer noch mit ASK zusammenarbeiten (Avira Suchfunktion geht über ASK). Auch andere Freewareanbieter wie AVG, Avast oder Panda sprangen auf diesen Zug auf; so was ist bei Sicherheitssoftware einfach inakzeptabel. Vgl. Antivirensoftware: Schutz für Ihre Dateien, aber auf Kosten Ihrer Privatsphäre? | Emsisoft Blog Wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen. Gib Bescheid wenn Avira weg ist. Bitte bei der Gelegenheit auch alles von Lavasoft deinstallieren (Adaware - das ist nutzlose Software)
__________________ Logfiles bitte immer in CODE-Tags posten |
01.03.2016, 13:32 | #8 |
| Win 10 Rogue.953320 Malware darüber hinaus ist die FS Software Standardsoftware, die von vielen Simmern verwendet wird: hxxp://www.flightsimsoft.com/pfpx/ TOPCAT da verstehe ich die Kritik nicht.... okay, mache ich... unfassbar. Habe mir gerade erst AVIRA gekauft für 50€..... könnte |
01.03.2016, 13:39 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 10 Rogue.953320 Malware das soll keine Kritik sein, ich hab EINFACH NUR GEFRAGT was diese Software soll, sowas sieht man nicht auf JEDEM privaten PC! Ist das so schwer zu verstehen? Wie gesagt, von Avira raten wir ab. Ich weiß nicht wie genau die kostenpflichtige Version tickt, aber die Firma Avira ist ein rotes Tuch, wie kann man als Sicherheitsunternehmen (Anbieter von Virenscanner - einem Produkt, das SICHERHEIT bieten) soll mit sowas wie ASK zusammenarbeiten...Gier frisst Hirn
__________________ Logfiles bitte immer in CODE-Tags posten |
01.03.2016, 14:12 | #10 |
| Win 10 Rogue.953320 Malware entschuldige bitte, war unhöflich ausgedrückt. also avira und lavasoft programme sind gelöscht. |
01.03.2016, 14:14 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 10 Rogue.953320 Malware schon guut, ich hab mich nur gewundert wegen der Software Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
01.03.2016, 14:30 | #12 |
| Win 10 Rogue.953320 Malware okay MBAR sagt er habe nichts gefunden... Code:
ATTFilter --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.103.10586.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, L:\ DRIVE_FIXED CPU speed: 3.500000 GHz Memory total: 8542752768, free: 4827906048 Downloaded database version: v2016.03.01.04 Downloaded database version: v2016.02.27.01 Downloaded database version: v2016.02.22.02 ======================================= Initializing... ------------ Kernel report ------------ 03/01/2016 14:21:39 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\storahci.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\System32\Drivers\NTFS.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\drivers\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\iusb3hcs.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\DRIVERS\hotcore3.sys \SystemRoot\system32\DRIVERS\fltsrv.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\filecrypt.sys \SystemRoot\system32\drivers\tbs.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\drivers\vwififlt.sys \SystemRoot\System32\drivers\pacer.sys \SystemRoot\system32\drivers\netbios.sys \SystemRoot\system32\DRIVERS\avkmgr.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\drivers\gpuenergydrv.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\system32\drivers\SaiBus.sys \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys \SystemRoot\System32\drivers\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\portcls.sys \SystemRoot\System32\drivers\drmk.sys \SystemRoot\System32\drivers\ks.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\system32\drivers\ucx01000.sys \SystemRoot\System32\drivers\HECIx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\rt640x64.sys \SystemRoot\System32\drivers\serial.sys \SystemRoot\System32\drivers\serenum.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\SaiMini.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\USBSTOR.SYS \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\system32\DRIVERS\lvuvc64.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\lvrs64.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\win32kfull.sys \SystemRoot\System32\win32kbase.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_storahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\dxgmms2.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\storqosflt.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\System32\drivers\WpdUpFltr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\drivers\mslldp.sys \SystemRoot\system32\drivers\lltdio.sys \SystemRoot\system32\drivers\rspndr.sys \SystemRoot\system32\DRIVERS\SaiH0461.sys \SystemRoot\system32\drivers\mmcss.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\drivers\mpsdrv.sys \??\C:\Windows\system32\drivers\cpuz135_x64.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\DRIVERS\srv2.sys \??\C:\WINDOWS\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\mqac.sys \SystemRoot\system32\drivers\peauth.sys \??\C:\WINDOWS\SysWOW64\speedfan.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\System32\drivers\tunnel.sys \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\System32\ATMFD.DLL \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\system32\Drivers\WdNisDrv.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys ----------- End ----------- Done! Scan started Database versions: main: v2016.03.01.04 rootkit: v2016.02.27.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffe001d9170060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001d91718f0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001d9170060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001d903ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe001d9110060, DeviceName: \Device\00000027\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 7DB1A4CF Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition is bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 248938496 Partition is not bootable Partition file system is NTFS Partition 2 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 249145344 Numsec = 921600 Partition is not bootable Partition file system is NTFS Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 128035676160 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffe001d916f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001d9063b10, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001d916f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001d9176e40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe001d917a060, DeviceName: \Device\00000029\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 7F75FE5A Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 102414312 Partition is not bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 102414375 Numsec = 512007615 Partition is not bootable Partition file system is NTFS Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 614421990 Numsec = 614405925 Partition is not bootable Partition file system is NTFS Partition 3 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1228827915 Numsec = 724692150 Partition is not bootable Partition file system is NTFS Disk Size: 1000203804160 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 2, DevicePointer: 0xffffe001d95f6510, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001d9633b10, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001d95f6510, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001d9635b10, DeviceName: \Device\00000043\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: BD941F46 Partition information: Partition 0 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 32 Numsec = 31266784 Partition is not bootable Partition file system is FAT32 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 16013942784 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 3, DevicePointer: 0xffffe001d96c4060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001d96c6610, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001d96c4060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001d96ca060, DeviceName: \Device\00000045\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: 28FDA0DC Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1953519616 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768) File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\user32.dll" is sparse (flags = 32768) File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768) File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768) File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768) File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768) File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768) File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768) File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\combase.dll" is sparse (flags = 32768) File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768) File "C:\Windows\System32\version.dll" is sparse (flags = 32768) File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768) File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768) File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768) File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768) File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768) File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768) File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768) File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768) File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768) File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768) File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768) File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768) File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768) File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768) File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768) File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768) File "C:\Windows\System32\davhlpr.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768) File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768) File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768) File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768) File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768) File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768) File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768) File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768) File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768) File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768) File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768) File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768) File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768) File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768) File "C:\Windows\System32\efswrt.dll" is sparse (flags = 32768) File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768) File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768) File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768) File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768) File "C:\Windows\System32\smss.exe" is sparse (flags = 32768) File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768) File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768) File "C:\Windows\System32\services.exe" is sparse (flags = 32768) File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768) File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768) File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768) File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768) File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768) File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768) File "C:\Windows\System32\SPInf.dll" is sparse (flags = 32768) File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768) File "C:\Windows\System32\WUDFHost.exe" is sparse (flags = 32768) File "C:\Windows\System32\msvcp60.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768) File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768) File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768) File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPSHIM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\WinSCard.dll" is sparse (flags = 32768) File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768) File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768) File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768) File "C:\Windows\System32\httpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\msi.dll" is sparse (flags = 32768) File "C:\Windows\System32\webio.dll" is sparse (flags = 32768) File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768) File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\mqsvc.exe" is sparse (flags = 32768) File "C:\Windows\System32\cabinet.dll" is sparse (flags = 32768) File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768) File "C:\Windows\System32\upnp.dll" is sparse (flags = 32768) File "C:\Windows\System32\ssdpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768) File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768) File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768) File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c9b4fd28dc3c397b3d68f1082b65c3fc\System.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\aef92996898ded5b2ca78fecfa86d323\System.Core.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\dbc19a007569ea2001a975050da8b3af\System.Configuration.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e556397747c99d9c4fc5f4f939c8c6f0\System.Xml.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\pdh.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\PERFCOUNTER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ASPNET_COUNTERS.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASPNET_PERF.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASPNET_PERF.DLL" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\msvcr80.dll" is sparse (flags = 32768) File "C:\Windows\System32\browcli.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9c808d0eeb670a8e8b1781c54c2b8b1e\System.Data.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\9f90efb52ff4cc437c4c19789ca2c5f3\System.Transactions.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\74c4d0f229613635264b9eea34d19217\Microsoft.VisualC.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\f32330064138abf3a5c752b7f3d84b2b\System.EnterpriseServices.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\f32330064138abf3a5c752b7f3d84b2b\System.EnterpriseServices.Wrapper.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\187bd685c44f610586ac25dac5327c26\CustomMarshalers.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\fe3adf1c22cb1e3609dd675a87efd7ac\System.ComponentModel.Composition.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0521c88cc609dcdfc595b00aeaffc1cc\WindowsBase.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2be64c7b72fe6d610b0d9368d9ec88df\PresentationCore.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\cdb09dfde216cb81df179801e5fbc764\PresentationFramework.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\eea5df710c79332df59430bf7854018c\System.Xaml.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\29d45c65598ec75c9ad1f324ace8955c\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\10a6336dea6e3c1f1fe4d9e2f75a236c\System.Numerics.ni.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\perfproc.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768) File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768) File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768) File "C:\Windows\explorer.exe" is sparse (flags = 32768) File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\REMINDERSSERVER.EXE" is sparse (flags = 32768) File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\REMINDERSSERVER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MrmCoreR.dll" is sparse (flags = 32768) File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768) File "C:\Windows\System32\biwinrt.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.SECURITY.AUTHENTICATION.ONLINEID.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.SECURITY.AUTHENTICATION.ONLINEID.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768) File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.NETWORKING.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MFREADWRITE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768) File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.NETWORKING.HOSTNAME.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.NETWORKING.HOSTNAME.DLL" is sparse (flags = 32768) File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768) File "C:\Windows\System32\THREADPOOLWINRT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768) File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768) File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768) File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768) File "C:\Windows\System32\opengl32.dll" is sparse (flags = 32768) File "C:\Windows\System32\glu32.dll" is sparse (flags = 32768) File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768) File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768) File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768) File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768) File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768) File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ICONCODECSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SYSTEMSETTINGSBROKER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768) File "C:\Windows\System32\credui.dll" is sparse (flags = 32768) File "C:\Windows\System32\hid.dll" is sparse (flags = 32768) File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntdsapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768) File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\Wpc.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768) File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768) File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768) File "C:\Windows\System32\bthprops.cpl" is sparse (flags = 32768) File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768) File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768) File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768) File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768) File "C:\Windows\System32\icm32.dll" is sparse (flags = 32768) File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768) File "C:\Windows\System32\shdocvw.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768) File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768) File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptui.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptdll.dll" is sparse (flags = 32768) File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768) File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768) File "C:\Program Files\Windows Defender\MpCmdRun.exe" is sparse (flags = 32768) File "C:\Program Files\Windows Defender\MSASCui.exe" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768) File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768) File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768) File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768) File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768) File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768) File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768) File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768) File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768) File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768) File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768) File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768) File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768) File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768) File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768) File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AGP440.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768) File "C:\Windows\System32\alg.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768) File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768) File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768) File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\GAGP30KX.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768) File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768) File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ioqos.sys" is sparse (flags = 32768) File "C:\Windows\System32\IEETWCOLLECTOR.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768) File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768) File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768) File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NV_AGP.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768) File "C:\Windows\System32\vds.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768) File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768) File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\UAGP35.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768) File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ULIAGPKX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768) File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wpcfltr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WSDPrint.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768) File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768) File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768) File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768) File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768) File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768) File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768) File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\netman.dll" is sparse (flags = 32768) File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768) File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\browser.dll" is sparse (flags = 32768) File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768) File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\das.dll" is sparse (flags = 32768) File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768) File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768) File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768) File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768) File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768) File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768) File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768) File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\dps.dll" is sparse (flags = 32768) File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768) File "C:\Windows\System32\es.dll" is sparse (flags = 32768) File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768) File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768) File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768) File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768) File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768) File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768) File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768) File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768) File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\pla.dll" is sparse (flags = 32768) File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768) File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768) File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768) File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768) File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768) File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768) File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768) File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768) File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768) File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768) File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768) File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768) File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768) File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768) File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768) File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768) File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768) File "C:\Windows\System32\WCSPLUGINSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768) File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WSSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768) File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768) File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768) File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768) File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768) File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768) File "C:\Users\PinheiroLLB\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768) File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-249145344-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-102414375-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-2-614421990-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-3-1228827915-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-32-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam... Removal finished |
01.03.2016, 14:39 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 10 Rogue.953320 Malware Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
01.03.2016, 15:23 | #14 |
| Win 10 Rogue.953320 Malware okay hier adwclean: Code:
ATTFilter # AdwCleaner v5.037 - Bericht erstellt am 01/03/2016 um 15:01:02 # Aktualisiert am 28/02/2016 von Xplode # Datenbank : 2016-02-28.2 [Lokal] # Betriebssystem : Windows 10 Home (x64) # Benutzername : xxxx # Gestartet von : C:\Users\PinheiroLLB\Desktop\AdwCleaner_5.037 (1).exe # Option : Suchlauf # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** ***** [ DLL ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [2568 Bytes] - [01/03/2016 15:00:18] C:\AdwCleaner\AdwCleaner[R0].txt - [1085 Bytes] - [05/11/2014 15:27:36] C:\AdwCleaner\AdwCleaner[S0].txt - [1138 Bytes] - [05/11/2014 15:28:32] C:\AdwCleaner\AdwCleaner[S1].txt - [2616 Bytes] - [01/03/2016 14:59:15] C:\AdwCleaner\AdwCleaner[S2].txt - [954 Bytes] - [01/03/2016 15:01:02] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1026 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.3 (02.09.2016) Operating System: Windows 10 Home x64 Ran by XXXXX (Administrator) on 01.03.2016 at 15:03:01,77 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 2 Successfully deleted: C:\ProgramData\esellerate (Folder) Successfully deleted: C:\WINDOWS\wininit.ini (File) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 01.03.2016 at 15:03:57,83 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016 durchgeführt von XXXX (Administrator) auf EARTH1 (01-03-2016 15:04:59) Gestartet von C:\Users\PinheiroLLB\Desktop Geladene Profile: XXXXX (Verfügbare Profile: XXXXX & UpdatusUser & Annabelle) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor) HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-09-04] (Saitek) HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-09-04] (Saitek) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [WinampAgent] => G:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.) HKLM-x32\...\Run: [Agile1pAgent] => G:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4882360 2016-02-23] (AgileBits) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761056 2015-12-17] (Adobe Systems Incorporated) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [SkyDrive] => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-03-21] (Microsoft Corporation) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Dropbox Update] => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-03-01] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-22] ShortcutTarget: Dropbox.lnk -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HORNETDRIVE starten.lnk [2015-03-27] ShortcutTarget: HORNETDRIVE starten.lnk -> C:\Program Files (x86)\HORNETDRIVE\HORNETDRIVE.exe (antispameurope GmbH) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{e3750fe7-67b0-4170-b8e0-591dd6c63e62}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-942671010-3624539665-887436449-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-942671010-3624539665-887436449-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-942671010-3624539665-887436449-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> G:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-02-23] (AgileBits) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation) BHO: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> G:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-02-23] (AgileBits) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation) BHO-x32: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-20] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-942671010-3624539665-887436449-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\PinheiroLLB\AppData\Roaming\Mozilla\Firefox\Profiles\5pzyhjcy.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-09-04] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-02-09] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-02-09] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Extension: Avira Browser Safety - C:\Users\PinheiroLLB\AppData\Roaming\Mozilla\Firefox\Profiles\5pzyhjcy.default\Extensions\abs@avira.com.xpi [2016-02-26] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-15] StartMenuInternet: FIREFOX.EXE - C:\Users\PinheiroLLB\Documents\Firefox Browser\App\Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-01] CHR Extension: (Google Docs) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-01] CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-01-22] CHR Extension: (Google Drive) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01] CHR Extension: (YouTube) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01] CHR Extension: (Google Search) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01] CHR Extension: (Adobe Acrobat) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-10] CHR Extension: (Google Sheets) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-01] CHR Extension: (iCloud Bookmarks) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-11-01] CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-01] CHR Extension: (Avira Browser Safety) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-23] CHR Extension: (Google Docs Offline) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20] CHR Extension: (Mailvelope) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-02-25] CHR Extension: (Chrome Web Store Payments) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01] CHR Extension: (Gmail) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08] CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation) S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation) S2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert] S2 MBAMScheduler; G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-01-26] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S2 StarMoney 8.0 OnlineUpdate; G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R4 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-01-16] (Avira Operations GmbH & Co. KG) S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT) R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-08-31] (Paragon Software Group) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) R3 SaiH0461; C:\Windows\system32\DRIVERS\SaiH0461.sys [171144 2007-05-01] (Saitek) S3 SaiH0763; C:\Windows\system32\DRIVERS\SaiH0763.sys [176640 2007-07-18] (Saitek) R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [24680 2012-09-05] (Saitek) R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52200 2012-09-05] (Saitek) S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R4 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [X] U3 idsvc; kein ImagePath U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-01 15:04 - 2016-03-01 15:05 - 00027284 _____ C:\Users\PinheiroLLB\Desktop\FRST.txt 2016-03-01 15:04 - 2016-03-01 09:33 - 02371072 _____ (Farbar) C:\Users\PinheiroLLB\Desktop\FRST64.exe 2016-03-01 15:03 - 2016-03-01 15:03 - 00000666 _____ C:\Users\PinheiroLLB\Desktop\JRT.txt 2016-03-01 15:02 - 2016-03-01 15:02 - 01609216 _____ (Malwarebytes) C:\Users\PinheiroLLB\Desktop\JRT.exe 2016-03-01 14:57 - 2016-03-01 14:57 - 01518592 _____ C:\Users\PinheiroLLB\Desktop\AdwCleaner_5.037 (1).exe 2016-03-01 14:21 - 2016-03-01 14:30 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\mbar 2016-03-01 14:21 - 2016-03-01 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-03-01 14:20 - 2016-03-01 14:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\PinheiroLLB\Desktop\mbar-1.09.3.1001.exe 2016-03-01 14:10 - 2016-03-01 14:10 - 00000000 _____ C:\ProgramData\rebootpending.txt 2016-03-01 13:35 - 2016-03-01 13:35 - 00000017 _____ C:\ProgramData\adaware-installer-reboot-required.tmp 2016-03-01 09:31 - 2016-03-01 15:04 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Rouge Malware 2016-02-29 21:40 - 2016-02-29 21:40 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-02-29 21:39 - 2016-02-29 21:41 - 00198726 _____ C:\WINDOWS\ntbtlog.txt 2016-02-29 21:21 - 2016-02-29 21:21 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Avira-Scout 2016-02-27 14:20 - 2016-02-27 14:20 - 00000000 ____D C:\Users\PinheiroLLB\SkyDrive 2016-02-27 12:01 - 2016-02-27 12:01 - 00000831 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-02-27 11:53 - 2016-02-27 11:56 - 00000000 ____D C:\AVZ 2016-02-27 10:46 - 2016-02-27 10:46 - 00000000 _____ C:\Users\PinheiroLLB\Desktop\Neues Textdokument (3).txt 2016-02-22 13:39 - 2016-02-22 18:27 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Dokumente 2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-02-13 16:52 - 2016-02-13 16:52 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Glasgow UB Box 2016-02-12 09:05 - 2016-02-12 09:05 - 00143554 _____ C:\Users\PinheiroLLB\Desktop\CCR12022016_00000.pdf 2016-02-11 12:34 - 2016-02-11 12:34 - 00000949 _____ C:\Users\Public\Desktop\King's Quest II.lnk 2016-02-11 12:34 - 2016-02-11 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGD Interactive 2016-02-10 12:43 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-02-10 12:43 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-02-10 12:43 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-02-10 12:43 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-02-10 12:43 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-02-10 12:43 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-02-10 12:43 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-02-10 12:43 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-02-10 12:43 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-02-10 12:43 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-02-10 12:43 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-02-10 12:43 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-02-10 12:43 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-02-10 12:43 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe 2016-02-10 12:43 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-02-10 12:43 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-02-10 12:43 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-02-10 12:43 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-02-10 12:43 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-02-10 12:43 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-02-10 12:43 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe 2016-02-10 12:43 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-02-10 12:43 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-02-10 12:43 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-02-10 12:43 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll 2016-02-10 12:43 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll 2016-02-10 12:43 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2016-02-10 12:43 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-02-10 12:43 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-02-10 12:43 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-02-10 12:43 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll 2016-02-10 12:43 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-02-10 12:43 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll 2016-02-10 12:43 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll 2016-02-10 12:43 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-02-10 12:43 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-02-10 12:43 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-02-10 12:43 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-02-10 12:43 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-02-10 12:43 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-02-10 12:43 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll 2016-02-10 12:43 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2016-02-10 12:43 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-02-10 12:43 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll 2016-02-10 12:43 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-02-10 12:43 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-02-10 12:43 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-02-10 12:43 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-02-10 12:43 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-02-10 12:43 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-02-10 12:43 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-02-10 12:43 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-02-10 12:43 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2016-02-10 12:43 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-02-10 12:43 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-02-10 12:43 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll 2016-02-10 12:43 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-02-10 12:43 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-02-10 12:43 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-02-10 12:43 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-02-10 12:43 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-02-10 12:43 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-02-10 12:43 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-02-10 12:43 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-02-10 12:43 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll 2016-02-10 10:29 - 2016-02-10 10:29 - 00002402 _____ C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-10 10:29 - 2016-02-10 10:29 - 00000000 ___RD C:\Users\Annabelle\OneDrive 2016-02-10 10:28 - 2016-02-10 10:29 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Packages 2016-02-10 10:28 - 2016-02-10 10:28 - 00000020 ___SH C:\Users\Annabelle\ntuser.ini 2016-02-10 10:28 - 2016-02-10 10:28 - 00000000 ____D C:\Users\Annabelle\AppData\Local\TileDataLayer 2016-02-10 10:28 - 2016-02-10 10:28 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Publishers 2016-02-01 09:39 - 2016-02-01 09:39 - 00000762 _____ C:\Users\PinheiroLLB\Desktop\SpeedFan.lnk 2016-02-01 09:03 - 2016-02-01 09:03 - 00000000 ____D C:\Program Files\Western Digital ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-01 15:04 - 2014-10-30 14:00 - 00000000 ____D C:\FRST 2016-03-01 15:01 - 2014-11-05 15:27 - 00000000 ____D C:\AdwCleaner 2016-03-01 15:01 - 2012-12-09 15:26 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-01 15:00 - 2015-09-20 18:27 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat 2016-03-01 14:49 - 2015-06-16 08:53 - 00001248 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA.job 2016-03-01 14:36 - 2012-10-03 14:32 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\3687D008-A3F4-44C5-9AB9-7FFCC06ABFD1.aplzod 2016-03-01 14:24 - 2012-10-13 17:15 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-03-01 14:21 - 2014-11-05 15:11 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-03-01 14:11 - 2013-12-15 18:30 - 00000000 ____D C:\ProgramData\Package Cache 2016-03-01 14:11 - 2012-10-02 19:02 - 00000000 ____D C:\ProgramData\Avira 2016-03-01 14:11 - 2012-10-02 19:02 - 00000000 ____D C:\Program Files (x86)\Avira 2016-03-01 14:06 - 2014-11-05 15:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-03-01 14:01 - 2012-12-09 15:26 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-01 13:49 - 2015-06-16 08:53 - 00001196 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core.job 2016-03-01 12:21 - 2014-12-03 14:18 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{261599DF-B78D-4986-93D8-1E134244C5C4} 2016-03-01 08:56 - 2016-01-16 12:35 - 02113870 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-03-01 08:56 - 2015-10-30 19:35 - 00898280 _____ C:\WINDOWS\system32\perfh007.dat 2016-03-01 08:56 - 2015-10-30 19:35 - 00201766 _____ C:\WINDOWS\system32\perfc007.dat 2016-03-01 08:56 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2016-03-01 08:53 - 2015-03-27 15:43 - 00000000 ___RD C:\Users\PinheiroLLB\Documents\Drives 2016-03-01 08:53 - 2015-03-27 15:42 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\HORNETDRIVE 2016-03-01 08:53 - 2014-11-05 15:21 - 00000000 ___RD C:\Users\PinheiroLLB\iCloudDrive 2016-03-01 08:53 - 2013-07-25 09:15 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Dropbox 2016-03-01 08:51 - 2016-01-16 12:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-03-01 08:51 - 2016-01-16 12:35 - 00000000 ____D C:\ProgramData\NVIDIA 2016-02-29 22:09 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-02-29 22:00 - 2014-06-03 17:32 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Skype 2016-02-29 20:42 - 2015-06-17 13:57 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\AgileBits 2016-02-27 14:20 - 2016-01-16 12:36 - 00000000 ____D C:\Users\PinheiroLLB 2016-02-27 12:31 - 2015-07-03 09:51 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Dirk Projekte 2016-02-27 12:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-27 12:01 - 2014-11-05 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-02-27 11:50 - 2016-01-16 12:47 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Packages 2016-02-27 10:38 - 2015-05-23 13:15 - 00000000 ____D C:\Program Files (x86)\StarMoney 10 2016-02-26 13:54 - 2012-10-07 14:55 - 00000974 _____ C:\WINDOWS\Brpfx04a.ini 2016-02-26 12:08 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-26 12:07 - 2015-03-21 20:46 - 00000000 ___RD C:\Users\PinheiroLLB\OneDrive 2016-02-26 11:15 - 2012-10-23 14:02 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\PC-FAX TX 2016-02-25 22:48 - 2016-01-17 16:30 - 00002437 _____ C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-24 09:20 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-02-24 09:19 - 2013-10-09 12:24 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-02-22 12:03 - 2015-11-01 12:39 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-17 13:58 - 2016-01-16 12:32 - 00000000 ____D C:\Windows.old 2016-02-16 10:27 - 2014-06-03 17:32 - 00000000 ____D C:\ProgramData\Skype 2016-02-13 12:07 - 2014-11-05 15:21 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Apple Inc 2016-02-12 09:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache 2016-02-10 20:43 - 2016-01-16 12:47 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-02-10 17:12 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-10 12:47 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-10 12:47 - 2014-08-23 13:21 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-02-10 12:43 - 2014-08-23 13:21 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-02-10 10:29 - 2016-01-16 12:36 - 00000000 ____D C:\Users\Annabelle 2016-02-10 10:29 - 2015-08-27 16:44 - 00000000 ___RD C:\Users\Annabelle\iCloudDrive 2016-02-10 10:28 - 2015-08-27 16:36 - 00002354 _____ C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-10 10:28 - 2015-08-27 16:36 - 00002324 _____ C:\Users\Annabelle\Desktop\Google Chrome.lnk 2016-02-05 16:35 - 2015-11-26 17:38 - 00000000 ____D C:\ProgramData\RavensburgerTipToi3 2016-02-05 16:35 - 2015-11-26 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager 2016-02-05 16:34 - 2015-11-26 17:30 - 00000000 ____D C:\Users\PinheiroLLB\.oracle_jre_usage 2016-02-05 16:34 - 2014-10-09 15:32 - 00000000 ____D C:\ProgramData\RavensburgerTipToi 2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-03 17:41 - 2016-01-16 12:58 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\MicrosoftEdge 2016-02-02 13:56 - 2012-12-09 15:26 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-02 13:56 - 2012-12-09 15:26 - 00003958 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-02-01 09:39 - 2015-04-30 09:34 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo 2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\ProgramData\Western Digital 2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\Program Files\Common Files\Western Digital 2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\Program Files (x86)\Western Digital 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-06-12 14:45 - 2014-06-12 14:45 - 0038515 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR 2015-02-03 09:30 - 2015-02-03 09:41 - 0000600 _____ () C:\Users\PinheiroLLB\AppData\Local\PUTTY.RND 2013-03-31 21:56 - 2015-04-19 15:52 - 0007636 _____ () C:\Users\PinheiroLLB\AppData\Local\resmon.resmoncfg 2012-12-12 15:36 - 2013-12-11 21:20 - 0000080 _____ () C:\Users\PinheiroLLB\AppData\Local\X-Plane Installer.prf 2012-12-12 10:59 - 2014-03-15 18:34 - 0000073 _____ () C:\Users\PinheiroLLB\AppData\Local\X-Plane_drm.prf 2012-12-12 11:03 - 2012-12-26 20:13 - 0000047 _____ () C:\Users\PinheiroLLB\AppData\Local\x-plane_install_10.txt 2016-03-01 13:35 - 2016-03-01 13:35 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp 2016-03-01 14:10 - 2016-03-01 14:10 - 0000000 _____ () C:\ProgramData\rebootpending.txt Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Users\PinheiroLLB\FSDreamTeam_GSX.reg C:\Users\PinheiroLLB\FSDreamTeam_JFK V2.reg C:\Users\PinheiroLLB\FSDreamTeam_JFK.reg C:\Users\PinheiroLLB\FSDreamTeam_KLAS.reg C:\Users\PinheiroLLB\FSDreamTeam_Los Angeles V2.reg C:\Users\PinheiroLLB\QualityWings_Ultimate 757 Collection.reg Einige Dateien in TEMP: ==================== C:\Users\Annabelle\AppData\Local\Temp\avgnt.exe C:\Users\PinheiroLLB\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-02-29 15:31 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-02-2016 durchgeführt von XXXXX(2016-03-01 15:05:22) Gestartet von C:\Users\PinheiroLLB\Desktop Windows 10 Home Version 1511 (X64) (2016-01-16 11:47:43) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-942671010-3624539665-887436449-500 - Administrator - Disabled) Annabelle (S-1-5-21-942671010-3624539665-887436449-1005 - Limited - Enabled) => C:\Users\Annabelle DefaultAccount (S-1-5-21-942671010-3624539665-887436449-503 - Limited - Disabled) Gast (S-1-5-21-942671010-3624539665-887436449-501 - Limited - Disabled) XXXXX (S-1-5-21-942671010-3624539665-887436449-1000 - Administrator - Enabled) => C:\Users\PinheiroLLB UpdatusUser (S-1-5-21-942671010-3624539665-887436449-1002 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Active Sky Advanced (HKLM-x32\...\{9B091E1C-781A-4769-9A8D-9AFB6A39EBCC}) (Version: 1.00.0316 - HiFi Flightware) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\{BCFB58FF-181E-472F-A9DB-827B75C1EDF7}) (Version: 12.0.4.144 - Adobe Systems, Inc) Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft) Aerosoft's - Airbus A318-A319 - PREPAR3D V2.x (HKLM-x32\...\Airbus A318-A319 - PREPAR3D V2.x) (Version: 1.00 - Aerosoft) Aerosoft's - Airbus X Extended - FSX (HKLM-x32\...\Airbus X Extended - FSX) (Version: 1.16 - Aerosoft) Aerosoft's - Airbus X Extended - PrePar3D (HKLM-x32\...\Airbus X Extended - PrePar3D) (Version: 1.16 - Aerosoft) Aerosoft's - Anchorage X (HKLM-x32\...\{3D88DF20-8778-422F-933D-4C4D74210045}) (Version: 1.00 - Aerosoft) aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: 9.2.2.0 - aerosoft) Aerosoft's - Manhattan X (HKLM-x32\...\{6ED3756D-BA23-4938-94F9-7C2BFC9B86FC}) (Version: 1.20 - Aerosoft) aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.04 - aerosoft) aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.10 - aerosoft) aerosoft's - USCitiesX - San Francisco (HKLM-x32\...\{DF91C497-0315-43F9-BB85-24D82FE5B11A}) (Version: 1.01 - aerosoft) Airbus Series 2 - Evolution Upgrade (FSX) (HKLM-x32\...\Airbus Series 2 - Evolution Upgrade (FSX)) (Version: - ) Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Airbus Series Vol.2 (FS X)) (Version: - ) Airport Amsterdam (HKLM-x32\...\Airport Amsterdam) (Version: 1.0.0.0 - Aerosoft GmbH) Airport Zurich (HKLM-x32\...\Airport Zurich) (Version: 1.1.0.0 - Aerosoft GmbH) AivlaSoft EFB (HKLM-x32\...\AivlaSoft EFB) (Version: 1.3.7 - AivlaSoft GmbH) AlacrityPC (HKLM-x32\...\{B6D0F294-B844-4FAF-9993-FAC10E9E0F94}) (Version: 1.0.0 - Ken Salter) Amazon Kindle (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) BlackBox Simulation - Airbus Xtreme (Prologue) (HKLM-x32\...\BlackBox Simulation-Airbus Xtreme (Prologue)) (Version: 0.75.0 - BlackBox Simulation) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brother MFL-Pro Suite MFC-7440N (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.) calibre (HKLM-x32\...\{1752D07B-9BEB-414F-9B51-AA529101F0E5}) (Version: 0.9.12 - Kovid Goyal) Canon SELPHY CP800 (HKLM\...\Canon SELPHY CP800) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.) Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software) Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software) cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.) FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse) Firefox Browser (remove only) (HKLM-x32\...\Firefox Browser) (Version: - ) FlightParis Bundle (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\FlightParis Bundle) (Version: - ) FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden FS Global 2010 (HKLM-x32\...\FS Global 2010) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden HORNETDRIVE (HKLM-x32\...\HORNETDRIVE) (Version: 3.3.1.1086 - antispameurope GmbH) iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.) iFly Jets - The 747-400 V2 for FSX - Hotfix 1 (HKLM-x32\...\iFly Jets - The 747-400 V2 for FSX - Hotfix 1) (Version: - ) iFly Jets - The 747-400 V2 for FSX (HKLM-x32\...\iFly Jets - The 747-400 V2 for FSX) (Version: - ) iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - ) LFPN - Toussus Le Noble FSX (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\LFPN - Toussus Le Noble FSX) (Version: - ) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft ESP SimConnect Client v1.0.20.0 (HKLM-x32\...\{C0A9FCC1-9725-4679-8AC2-FE501B139B63}) (Version: 1.0.20.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (HKLM-x32\...\{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}) (Version: 10.0.60905.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation) Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4797.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NavDataPro (HKLM-x32\...\NavDataPro) (Version: 1.0.1.6 - Aerosoft GmbH) NVIDIA 3D Vision Controller-Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation) NVIDIA Grafiktreiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Paragon Festplatten Manager 10 - Drive Backup (HKLM-x32\...\{F8013DD1-574B-4921-A473-88A2F7A34D16}) (Version: 90.00.0003 - Paragon Software) Paragon Festplatten Manager 10 - Partition Manager (HKLM\...\{986A654F-F1E4-11DD-9FCA-005056C00008}) (Version: 90.00.0003 - Paragon Software) Parallels runtime modules (x32 Version: 1.00.0000 - Parallels) Hidden Parallels USB Driver (x32 Version: 6.00.23046 - Parallels) Hidden PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.) PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.) PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6061 - PMDG Simulations, LLC.) PMDG MD-11 (FSX version of COMBO) (HKLM-x32\...\{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}) (Version: 1.00.0003 - Precision Manuals Development Group) PMDGMD11X_GE_AA (HKLM-x32\...\{ABB4DB59-0284-414D-9346-4992E1856E7F}) (Version: 1.00.0000 - Precision Manuals Development Group) PMDGMD11X_GE_LH (HKLM-x32\...\{3DB1F8B4-96A5-45B8-9C50-CB5828A0B1C6}) (Version: 1.00.0000 - Precision Manuals Development Group) PMDGMD11X_PW_SR1 (HKLM-x32\...\{E5F249B9-4A7F-482E-951D-005F47F06A43}) (Version: 1.00.0000 - Precision Manuals Development Group) PMDGMD11XF_GE_LHF (HKLM-x32\...\{93ACD680-40F5-4D37-BC07-52FD96AFDDCD}) (Version: 1.00.0000 - Precision Manuals Development Group) Prepar3D v2 Academic (HKLM-x32\...\{92B3FF8A-3C33-4EFC-850D-CF29E54292D9}) (Version: 2.4.11570.0 - Lockheed Martin) Prepar3D v2 Academic (x32 Version: 2.0.9448.0 - Lockheed Martin) Hidden Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.19 - aerosoft) RAAS Professional by FS2Crew (LOCKED) (HKLM-x32\...\RAAS Professional by FS2Crew (LOCKED)) (Version: - ) Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.) REX Essential Plus Overdrive (HKLM-x32\...\{9F30A684-44DC-4BDF-89ED-70F9021B851F}) (Version: 3.5.2012.1029 - REX Game Studios) SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.) Sigel Beschriftungs-Software für Überweisung und Lastschrift (HKLM-x32\...\Sigel Beschriftungs-Software für Überweisung und Lastschrift) (Version: - ) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.) Smart Technology Programming Software 7.0.19.4 (HKLM\...\{1970C821-567B-415F-982C-134CB8FB8DAA}) (Version: 7.0.19.4 - Mad Catz) SnapAPI (x32 Version: 4.2.709 - Acronis) Hidden SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden StarMoney 10 (HKLM-x32\...\{86B730BC-FFDF-4B50-9127-851A6F152A68}) (Version: 10 - Star Finanz GmbH) StarMoney 8.0 (HKLM-x32\...\{EF2BE7ED-FE44-49B4-A6C3-919CE4790FDE}) (Version: 8.0 - Star Finanz GmbH) Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version: - ) Streamripper Plugin 1.61.27 (Remove only) (HKLM-x32\...\Streamripper.Plugin) (Version: - ) sv.net (HKLM-x32\...\sv.net) (Version: 15.0 - ITSG GmbH) syngo fastView (HKLM-x32\...\{4CF46E90-60EC-4177-9BE7-5F4BE89BC2E7}) (Version: VX57L38 - Siemens MedSW) tiptoi® Manager 3.0.9 (HKLM-x32\...\9978-5763-2995-5228) (Version: 3.0.9 - Ravensburger AG) TOPCAT 2.74 Beta 1 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.74 Beta 1 - FSS GmbH) UK2000 Heathrow Xtreme FSX (HKLM-x32\...\UK2000 Heathrow Xtreme FSX) (Version: 3.0 - UK2000 Scenery) Ultimate Terrain X - Europe (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Ultimate Terrain X - Europe) (Version: - ) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) vroute.info premium - 1 (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\b4d9024f4f0aca8c) (Version: 2.1.0.8 - vroute) vroute.info premium (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\e16201be0cba039f) (Version: 2.0.7.6 - vroute) WD Quick View (HKLM-x32\...\{4D0776BB-71B7-49A2-A439-24791A4620E1}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{37BF2365-3EC7-45E4-9D88-61489F932A0B}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{4C810612-124B-4610-93ED-EF7357EA3EDC}) (Version: 21.00.8480 - Buhl Data Service GmbH) X-FMC (HKLM-x32\...\{D215611B-8A8A-4914-9C23-2EF36D8926CF}) (Version: 2.02 - X-FMC) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {02D25461-8A94-4339-A4D5-72C73FD06B6C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {0F573DF1-69F4-4F53-BFBA-5FC40A9A94B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd) Task: {1532C4A2-9F69-4730-90F8-87E7A44A77EB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG Task: {1ED0FEE3-A4D0-4AF9-AAD3-505787FD7706} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {24C3E746-6452-459A-9E93-1D4A301F67D8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {24FE594B-CC16-4D77-9ED0-7C8E004CD7C2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {25C56614-3CEB-425E-B763-7EC3A508A8AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {2890FDBB-5547-411D-B472-DDE879ADECF1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe Task: {33CC8B4F-0F03-4A72-9D9B-A4E7A5401D58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {3C8E7229-112A-4E9D-95CD-B4653A68A123} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {42DFD782-7241-449A-9C16-3000CE033C0A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {450FDACD-9D90-47E7-BADD-C82B624584E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {4B09F0D2-A506-4779-9266-C98EA768DA2C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {4E59ED50-C5D8-4246-B1B7-C6ADB65E1BBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {4F953E1E-7E9C-4C24-AF6C-86D67D0CDE06} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {5749FA15-E717-4A30-B3C4-9BACA05290F3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {594C849D-DC95-4323-8508-0708E7A37F53} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {5BD7EE29-8843-48EB-A95A-6EA3038E324B} - System32\Tasks\{00710EDC-947D-4257-A20C-2F1780679420} => pcalua.exe -a C:\Users\PinheiroLLB\Downloads\HiJackThis204.exe -d C:\Users\PinheiroLLB\Downloads Task: {5F1EEA42-3777-40A9-8848-E702D088879E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {5F9C8D7F-FFD1-424B-9A3B-28358D50D00A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {6022AE36-967A-4366-A241-0B17AECD3994} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {63036FEE-3754-4790-89F4-1ED53D884167} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {68EE2EE5-CEE9-4781-8896-8CCACB349052} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {6E49DF11-B1BF-4839-B13B-43D9265A4662} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation) Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs Task: {72F91625-792E-40F4-AFDE-2057734E5437} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {772513A8-461E-40B1-87E1-4D62F8FABC73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.) Task: {7E0C0633-D75D-4E6A-AE88-7D42E6BB5D2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.) Task: {8632EC4F-0DF6-4982-A891-19549646C625} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG Task: {8C7F210B-7703-4060-A8DC-CBD99340D288} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {8CFC4F80-28AD-4DCB-9F59-BDB30B2DA204} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {93738455-319D-416A-B75D-67EA051F549C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {99D23324-7E7F-440F-84AE-619A09734666} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {9B3BF89F-8FEB-485D-9B24-A0A9B726B7AA} - System32\Tasks\{F52C3292-A378-48F7-A667-A31DC6B87BB1} => pcalua.exe -a C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall Task: {A798075D-9298-4A5C-8106-5A9354F2C71D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {B1F34822-C928-4172-BEC2-E216460AD834} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation) Task: {B49948F7-0663-4509-8CA6-74FD32D92D78} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {B57A3EAC-F055-412B-BC48-A3BCFD9A5CB1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {B6493125-CB5A-44E4-8066-2A83AEA5FC4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.) Task: {B9659609-4FBC-4382-83CF-A12B9611AA77} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {C1D527F1-8D21-4B03-96A2-9933D46769E2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {CB89D200-0D95-4C40-A985-BB43DDC565C3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {CBCB9AF3-FFCB-4AA5-9056-60961A31B62A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {CE93E2C0-739D-4B04-B488-81855FD931D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation) Task: {D2CCA1E3-A332-44F1-9A9A-4A1504CAA72E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {D7E167E5-6342-4269-86B4-3A08BD29135A} - System32\Tasks\{955920E4-E7F9-47CF-94C4-F8E6A61CB687} => pcalua.exe -a E:\.\windows\setup.exe -d E:\ -c .\windows Task: {DC69A008-8069-4715-B7E8-FB5259456527} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {DDCC7B16-F1DF-42C3-A419-6F0CE2D85D11} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation) Task: {E841B6A3-96C0-4E06-8611-A489C577F14A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs Task: {EAE387B3-2F6F-42BD-8A03-CF8A8B0EA352} - System32\Tasks\Western Digital\SmartWare\____Volume_cdbdcca7_0ca1_11e2_be20_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a93953b9_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.) Task: {F544E0DA-E797-45D4-A13A-609AFD9B3E99} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {FE2F7AF1-CDDD-4CB5-ACBF-B8D6C2318E16} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core.job => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA.job => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2012-10-07 14:55 - 2005-04-22 12:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () G:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2012-10-07 19:37 - 2010-03-15 10:28 - 00166400 _____ () G:\Program Files\WinRAR\rarext.dll 2014-08-12 09:11 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-01-22 09:43 - 2016-01-22 09:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-01-29 17:25 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-01-29 17:25 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll 2015-10-30 08:18 - 2015-10-30 19:44 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node 2015-10-30 08:18 - 2015-10-30 19:43 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node 2016-01-16 12:32 - 2016-01-16 12:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-10-30 08:18 - 2015-10-30 08:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll 2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2016-01-22 09:43 - 2016-01-22 09:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-01-22 09:43 - 2016-01-22 09:43 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:74603393 AlternateDataStreams: C:\Users\PinheiroLLB\.DS_Store:AFP_AfpInfo ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2006-11-02 13:34 - 2014-11-04 19:19 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\Windows\Themes\img17.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run32: => "ControlCenter3" HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\StartupApproved\Run: => "SkyDrive" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{DABF8B65-4EAD-47C6-A76A-6975F9BF0179}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{9080D6F9-11C2-4943-BD3A-590E7206B865}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{D44E990A-1C0E-471A-ABE4-396F9F7F716C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{63AB1C45-34BD-4D72-AAA9-2579C3E52970}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{1DCDF590-12BC-412B-8E4D-EB237E660A9D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{34A0857F-C12A-4857-BAF3-F3183506780C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F5F240FD-C28C-475F-8D57-12FE0409FF6E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3DF0AC30-998F-4392-BDC9-04D11149AF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{46DB165E-B162-4947-BAED-DE0F73061D82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A06FB2EB-6751-4290-8ADF-808F1F95E459}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe FirewallRules: [{3FBA1DE5-90DB-4E5B-A899-EC39324C8758}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe FirewallRules: [{7D4A5320-14D6-4D2D-AAD6-14C4E76F22EB}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{26ABC75B-081D-4BFA-9E34-D779EC269C7C}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{1517D475-0977-4EB2-A9CC-8BBF78AE57FF}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{ABFCAD0D-7E63-4FF4-A893-347D268471B0}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{7E4A4DD7-EBE8-48E1-B6FD-8541EE2E117F}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{E9E752E9-5DEE-472B-A115-6EFF96E20235}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{B8F9E71D-A404-448E-B998-EB23552B5DE0}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe FirewallRules: [{79D79628-82B0-4F24-BAB8-2CF6172C7C32}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe FirewallRules: [{4D047BB9-FA13-412E-855D-692DBFA3A480}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{BFFDFB52-BD9A-4B44-A540-2D634D7713C1}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{D84594B8-98CF-407E-9821-BED784B894CB}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{F3943234-A711-4457-ACA4-5B150D204FA8}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{5B9AEDAF-67CD-4C6B-B1A7-3930D43F85DD}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{D26CE3FE-3718-4490-BDB0-2968380BE985}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [UDP Query User{E0F078E5-80F8-432B-9BE2-6273EB952751}G:\program files (x86)\1password 4\1password.exe] => (Allow) G:\program files (x86)\1password 4\1password.exe FirewallRules: [TCP Query User{3BF9C57B-CEAB-4E39-8FA4-4F3768757B80}G:\program files (x86)\1password 4\1password.exe] => (Allow) G:\program files (x86)\1password 4\1password.exe FirewallRules: [{C1D66DB4-22F1-4051-9C54-F6B3BA25FE43}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe FirewallRules: [{0F552548-4FB8-4928-A0C4-91EB93ADF1D4}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe FirewallRules: [{BB98C012-9C7F-4C38-8F56-EE99D703B5BE}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{8630D67C-7F10-4BB6-8D44-29B9C6950C68}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{FE8617D4-1406-44EB-AD00-EC64AEFA4D78}] => (Allow) C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{D79C223F-85B8-4E9B-8DAB-E30279A3E188}] => (Allow) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{507BDD47-791E-4A45-9CA4-875E7A922369}] => (Allow) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{4C2A0F0D-84BC-46EE-9F39-67AFF1FAE1D2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{9B4613FA-3B91-4499-AA4F-95F2847B0063}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{FE01352C-66CD-45A2-8539-5E7220DEC187}] => (Allow) LPort=4500 FirewallRules: [{CF7056F1-23C0-4B24-A238-EB0C4ABB181E}] => (Allow) LPort=10000 FirewallRules: [{D85A221E-73D2-47CD-8A86-CA370C816E06}] => (Allow) LPort=500 FirewallRules: [UDP Query User{F8D61252-179D-4599-9382-7B1513B8BE84}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe FirewallRules: [TCP Query User{DB04BFEF-4A51-4A8D-95B8-4F99B034EF3C}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe FirewallRules: [UDP Query User{A9CBE811-BD24-49BF-8E15-580CF9FC98F1}H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe FirewallRules: [TCP Query User{82786FD4-1425-4C05-BE85-B725BCC2C878}H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe FirewallRules: [{D093013E-0821-41DA-83D4-6EEEFFD480B9}] => (Allow) H:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe FirewallRules: [{3A762963-6493-4B6D-9EB3-B14251B0BC95}] => (Allow) H:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe FirewallRules: [UDP Query User{5A31A57E-D4CC-4318-8FD7-A3ABE2BCA9BC}F:\program files\ivao\ivai\ivai.exe] => (Allow) F:\program files\ivao\ivai\ivai.exe FirewallRules: [TCP Query User{DDEC5E28-CC7C-4CB9-A741-3E24FE1AEED1}F:\program files\ivao\ivai\ivai.exe] => (Allow) F:\program files\ivao\ivai\ivai.exe FirewallRules: [{51038772-1D25-49D1-8BE6-3F939F655994}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{5D30B5BE-E3D4-42F1-80C9-5045A31DE548}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [UDP Query User{67AC74AE-F3E2-4095-9813-744AB8E0C987}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe FirewallRules: [TCP Query User{4B96B91D-C891-4850-BADD-529CD5EBE506}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe FirewallRules: [UDP Query User{72B00CC3-A400-41D8-A027-C8482C163A11}C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{3E711164-2730-4735-AE10-8D8E0A393D4B}C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{E28D8A5E-6ADD-43CF-8702-E18FAF86D751}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe FirewallRules: [TCP Query User{8D50B573-4756-4BC8-8EA8-8DE1E888C5E1}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe FirewallRules: [{3E31C00A-5DC9-4B81-B4C3-3710D245EF2C}] => (Allow) LPort=1900 FirewallRules: [{7220DCA1-8511-4950-B0AD-E1CCD4AF7B42}] => (Allow) LPort=2869 FirewallRules: [{36FCB705-AC62-43A4-9927-E6682197E73D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{19D68882-2617-4759-B846-B5A344854A41}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{F91326F8-3F6A-458C-AA30-F0E7F8C00319}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [UDP Query User{6B7C2993-BAA9-40BB-88E5-ECF227ACADC0}H:\x-plane 10\x-plane-32bit.exe] => (Allow) H:\x-plane 10\x-plane-32bit.exe FirewallRules: [TCP Query User{3F36C02A-F6EE-4F7D-8CF5-19B1AACBA089}H:\x-plane 10\x-plane-32bit.exe] => (Allow) H:\x-plane 10\x-plane-32bit.exe FirewallRules: [UDP Query User{D02E9227-ECD3-4C95-BCAE-7AEA76AA77BC}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe FirewallRules: [TCP Query User{DFF071A9-8E9F-4041-848E-AE65E30CC6FA}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe FirewallRules: [UDP Query User{EFAE5E0B-AB66-46BC-B914-8E5E23EAD514}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe FirewallRules: [TCP Query User{3ADA6EFB-0E17-40CE-B989-8515A78E35A7}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe FirewallRules: [{AFFA48EF-62B0-4D5B-A60A-30EEDE5D6A7C}] => (Allow) LPort=54925 FirewallRules: [{1D481604-9168-4D80-8823-E8EB9A391C0F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe FirewallRules: [{859F9BF3-5318-4FAD-8E64-B3ECF1BC1F1A}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe FirewallRules: [{858C7A23-E377-463C-9637-DF2046E41CF8}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe FirewallRules: [{5D17DB09-8083-4EE6-A9F0-31388644D735}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe FirewallRules: [{3CF72D51-4E7A-4E4D-9BAC-A9124934E19B}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{1C9BDFCE-7C41-45A9-9784-8669270E2371}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{E9D1C01F-8F2E-45F9-80A7-C5366AF5719E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EE1E4EFA-EBFF-4241-914D-5F0151A50170}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{40291CBD-534A-4967-815A-104A7910DD39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EE9F1749-47FC-4F7D-AEB9-4A1B3E664280}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{83973102-9920-47E8-8CE9-BED29C2CED10}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{445E180C-2AE7-4FEF-A1CC-248CD1C0FBB5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{EB36A764-5C91-4C27-ABFB-557AE031B835}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.) Description: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/01/2016 03:04:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x35c0 Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (03/01/2016 03:01:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x15e0 Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (03/01/2016 03:00:19 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler4 Error: (03/01/2016 03:00:19 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (03/01/2016 02:05:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 15.0.4797.1003, Zeitstempel: 0x56bf0292 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x2788 Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0 Pfad der fehlerhaften Anwendung: WINWORD.EXE1 Pfad des fehlerhaften Moduls: WINWORD.EXE2 Berichtskennung: WINWORD.EXE3 Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5 Error: (03/01/2016 02:04:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x2fac Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (03/01/2016 01:36:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Earth1) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/01/2016 01:36:07 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 Error: (03/01/2016 01:36:07 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (03/01/2016 01:36:07 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Systemfehler: ============= Error: (03/01/2016 03:00:48 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "StarMoney 8.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "WD Drive Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "StarMoney 10 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2016-03-01 14:57:12.784 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:57:12.769 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:33.191 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:33.023 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:32.914 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:32.804 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:32.705 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:32.594 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:32.417 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:32.347 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz Prozentuale Nutzung des RAM: 32% Installierter physikalischer RAM: 8147 MB Verfügbarer physikalischer RAM: 5495.84 MB Summe virtueller Speicher: 16339 MB Verfügbarer virtueller Speicher: 14205.07 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:118.7 GB) (Free:33.48 GB) NTFS Drive d: () (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive f: (FSX) (Fixed) (Total:244.14 GB) (Free:164 GB) NTFS Drive g: (Programme) (Fixed) (Total:48.83 GB) (Free:45.78 GB) NTFS Drive h: (XPlane) (Fixed) (Total:292.97 GB) (Free:213.16 GB) NTFS Drive i: (Data) (Fixed) (Total:345.56 GB) (Free:290.3 GB) NTFS Drive j: (Backup HD) (Fixed) (Total:931.51 GB) (Free:654.3 GB) NTFS Drive l: () (Fixed) (Total:14.9 GB) (Free:12.65 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 7DB1A4CF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7F75FE5A) Partition 1: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 14.9 GB) (Disk ID: BD941F46) Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 28FDA0DC) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ Also ADW Code:
ATTFilter # AdwCleaner v5.037 - Bericht erstellt am 01/03/2016 um 15:18:06 # Aktualisiert am 28/02/2016 von Xplode # Datenbank : 2016-02-28.2 [Lokal] # Betriebssystem : Windows 10 Home (x64) # Benutzername : XXXX - EARTH1 # Gestartet von : C:\Users\PinheiroLLB\Desktop\AdwCleaner_5.037 (2).exe # Option : Suchlauf # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** ***** [ DLL ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** [C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : avherald.com [C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : cloud-search.linkury.com [C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : websearch.ask.com [C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Gefunden : juris.de ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [2568 Bytes] - [01/03/2016 15:00:18] C:\AdwCleaner\AdwCleaner[R0].txt - [1085 Bytes] - [05/11/2014 15:27:36] C:\AdwCleaner\AdwCleaner[S0].txt - [1138 Bytes] - [05/11/2014 15:28:32] C:\AdwCleaner\AdwCleaner[S1].txt - [2616 Bytes] - [01/03/2016 14:59:15] C:\AdwCleaner\AdwCleaner[S2].txt - [1105 Bytes] - [01/03/2016 15:01:02] C:\AdwCleaner\AdwCleaner[S3].txt - [1524 Bytes] - [01/03/2016 15:18:06] ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1597 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.3 (02.09.2016) Operating System: Windows 10 Home x64 Ran by XXXX (Administrator) on 01.03.2016 at 15:19:28,31 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 01.03.2016 at 15:20:18,38 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
01.03.2016, 15:28 | #15 |
| Win 10 Rogue.953320 Malware und FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016 durchgeführt von XXXXXX (Administrator) auf EARTH1 (01-03-2016 15:21:18) Gestartet von C:\Users\PinheiroLLB\Desktop Geladene Profile: XXXXXX (Verfügbare Profile: XXXXXX & UpdatusUser & Annabelle) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor) HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-09-04] (Saitek) HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-09-04] (Saitek) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [WinampAgent] => G:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.) HKLM-x32\...\Run: [Agile1pAgent] => G:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4882360 2016-02-23] (AgileBits) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761056 2015-12-17] (Adobe Systems Incorporated) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [SkyDrive] => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-03-21] (Microsoft Corporation) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Dropbox Update] => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_6\amd64\SkyDriveShell64.dll [2015-03-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileSyncShell.dll [2016-02-25] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-03-01] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-22] ShortcutTarget: Dropbox.lnk -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HORNETDRIVE starten.lnk [2015-03-27] ShortcutTarget: HORNETDRIVE starten.lnk -> C:\Program Files (x86)\HORNETDRIVE\HORNETDRIVE.exe (antispameurope GmbH) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{e3750fe7-67b0-4170-b8e0-591dd6c63e62}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-942671010-3624539665-887436449-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-942671010-3624539665-887436449-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-942671010-3624539665-887436449-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> G:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-02-23] (AgileBits) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation) BHO: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> G:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-02-23] (AgileBits) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation) BHO-x32: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-20] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-942671010-3624539665-887436449-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\PinheiroLLB\AppData\Roaming\Mozilla\Firefox\Profiles\5pzyhjcy.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-09-04] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-02-09] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-02-09] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Extension: Avira Browser Safety - C:\Users\PinheiroLLB\AppData\Roaming\Mozilla\Firefox\Profiles\5pzyhjcy.default\Extensions\abs@avira.com.xpi [2016-02-26] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-15] StartMenuInternet: FIREFOX.EXE - C:\Users\PinheiroLLB\Documents\Firefox Browser\App\Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-01] CHR Extension: (Google Docs) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-01] CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-01-22] CHR Extension: (Google Drive) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01] CHR Extension: (YouTube) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01] CHR Extension: (Google Search) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01] CHR Extension: (Adobe Acrobat) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-10] CHR Extension: (Google Sheets) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-01] CHR Extension: (iCloud Bookmarks) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-11-01] CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-01] CHR Extension: (Avira Browser Safety) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-23] CHR Extension: (Google Docs Offline) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20] CHR Extension: (Mailvelope) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-02-25] CHR Extension: (Chrome Web Store Payments) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01] CHR Extension: (Gmail) - C:\Users\PinheiroLLB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08] CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation) S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation) S2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert] S2 MBAMScheduler; G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-01-26] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S2 StarMoney 8.0 OnlineUpdate; G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R4 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-01-16] (Avira Operations GmbH & Co. KG) S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT) R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-08-31] (Paragon Software Group) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) R3 SaiH0461; C:\Windows\system32\DRIVERS\SaiH0461.sys [171144 2007-05-01] (Saitek) S3 SaiH0763; C:\Windows\system32\DRIVERS\SaiH0763.sys [176640 2007-07-18] (Saitek) R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [24680 2012-09-05] (Saitek) R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52200 2012-09-05] (Saitek) S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R4 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [X] U3 idsvc; kein ImagePath U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-01 15:13 - 2016-03-01 15:19 - 01609216 _____ (Malwarebytes) C:\Users\PinheiroLLB\Desktop\JRT (1).exe 2016-03-01 15:13 - 2016-03-01 15:15 - 01518592 _____ C:\Users\PinheiroLLB\Desktop\AdwCleaner_5.037 (2).exe 2016-03-01 15:05 - 2016-03-01 15:05 - 00065678 _____ C:\Users\PinheiroLLB\Desktop\Addition.txt 2016-03-01 15:04 - 2016-03-01 15:21 - 00027259 _____ C:\Users\PinheiroLLB\Desktop\FRST.txt 2016-03-01 15:04 - 2016-03-01 09:33 - 02371072 _____ (Farbar) C:\Users\PinheiroLLB\Desktop\FRST64.exe 2016-03-01 15:03 - 2016-03-01 15:20 - 00000553 _____ C:\Users\PinheiroLLB\Desktop\JRT.txt 2016-03-01 14:21 - 2016-03-01 14:30 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\mbar 2016-03-01 14:21 - 2016-03-01 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-03-01 14:20 - 2016-03-01 14:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\PinheiroLLB\Desktop\mbar-1.09.3.1001.exe 2016-03-01 14:10 - 2016-03-01 14:10 - 00000000 _____ C:\ProgramData\rebootpending.txt 2016-03-01 13:35 - 2016-03-01 13:35 - 00000017 _____ C:\ProgramData\adaware-installer-reboot-required.tmp 2016-03-01 09:31 - 2016-03-01 15:20 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Rouge Malware 2016-02-29 21:40 - 2016-02-29 21:40 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-02-29 21:39 - 2016-02-29 21:41 - 00198726 _____ C:\WINDOWS\ntbtlog.txt 2016-02-29 21:21 - 2016-02-29 21:21 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Avira-Scout 2016-02-27 14:20 - 2016-02-27 14:20 - 00000000 ____D C:\Users\PinheiroLLB\SkyDrive 2016-02-27 12:01 - 2016-02-27 12:01 - 00000831 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-02-27 11:53 - 2016-02-27 11:56 - 00000000 ____D C:\AVZ 2016-02-27 10:46 - 2016-02-27 10:46 - 00000000 _____ C:\Users\PinheiroLLB\Desktop\Neues Textdokument (3).txt 2016-02-22 13:39 - 2016-02-22 18:27 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Dokumente 2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-02-13 16:52 - 2016-02-13 16:52 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Glasgow UB Box 2016-02-12 09:05 - 2016-02-12 09:05 - 00143554 _____ C:\Users\PinheiroLLB\Desktop\CCR12022016_00000.pdf 2016-02-11 12:34 - 2016-02-11 12:34 - 00000949 _____ C:\Users\Public\Desktop\King's Quest II.lnk 2016-02-11 12:34 - 2016-02-11 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGD Interactive 2016-02-10 12:43 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-02-10 12:43 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-02-10 12:43 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-02-10 12:43 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-02-10 12:43 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-02-10 12:43 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-02-10 12:43 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-02-10 12:43 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-02-10 12:43 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-02-10 12:43 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-02-10 12:43 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-02-10 12:43 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-02-10 12:43 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-02-10 12:43 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe 2016-02-10 12:43 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-02-10 12:43 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-02-10 12:43 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-02-10 12:43 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-02-10 12:43 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-02-10 12:43 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-02-10 12:43 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe 2016-02-10 12:43 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-02-10 12:43 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-02-10 12:43 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-02-10 12:43 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll 2016-02-10 12:43 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll 2016-02-10 12:43 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2016-02-10 12:43 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-02-10 12:43 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-02-10 12:43 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-02-10 12:43 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll 2016-02-10 12:43 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-02-10 12:43 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll 2016-02-10 12:43 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll 2016-02-10 12:43 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-02-10 12:43 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-02-10 12:43 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-02-10 12:43 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-02-10 12:43 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-02-10 12:43 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-02-10 12:43 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll 2016-02-10 12:43 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2016-02-10 12:43 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-02-10 12:43 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll 2016-02-10 12:43 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-02-10 12:43 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-02-10 12:43 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-02-10 12:43 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-02-10 12:43 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-02-10 12:43 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-02-10 12:43 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-02-10 12:43 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-02-10 12:43 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2016-02-10 12:43 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-02-10 12:43 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-02-10 12:43 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll 2016-02-10 12:43 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-02-10 12:43 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-02-10 12:43 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-02-10 12:43 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-02-10 12:43 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-02-10 12:43 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-02-10 12:43 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-02-10 12:43 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-02-10 12:43 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll 2016-02-10 10:29 - 2016-02-10 10:29 - 00002402 _____ C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-10 10:29 - 2016-02-10 10:29 - 00000000 ___RD C:\Users\Annabelle\OneDrive 2016-02-10 10:28 - 2016-02-10 10:29 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Packages 2016-02-10 10:28 - 2016-02-10 10:28 - 00000020 ___SH C:\Users\Annabelle\ntuser.ini 2016-02-10 10:28 - 2016-02-10 10:28 - 00000000 ____D C:\Users\Annabelle\AppData\Local\TileDataLayer 2016-02-10 10:28 - 2016-02-10 10:28 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Publishers 2016-02-01 09:39 - 2016-02-01 09:39 - 00000762 _____ C:\Users\PinheiroLLB\Desktop\SpeedFan.lnk 2016-02-01 09:03 - 2016-02-01 09:03 - 00000000 ____D C:\Program Files\Western Digital ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-01 15:21 - 2014-10-30 14:00 - 00000000 ____D C:\FRST 2016-03-01 15:18 - 2014-11-05 15:27 - 00000000 ____D C:\AdwCleaner 2016-03-01 15:01 - 2012-12-09 15:26 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-01 15:00 - 2015-09-20 18:27 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat 2016-03-01 14:49 - 2015-06-16 08:53 - 00001248 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA.job 2016-03-01 14:36 - 2012-10-03 14:32 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\3687D008-A3F4-44C5-9AB9-7FFCC06ABFD1.aplzod 2016-03-01 14:24 - 2012-10-13 17:15 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-03-01 14:21 - 2014-11-05 15:11 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-03-01 14:11 - 2013-12-15 18:30 - 00000000 ____D C:\ProgramData\Package Cache 2016-03-01 14:11 - 2012-10-02 19:02 - 00000000 ____D C:\ProgramData\Avira 2016-03-01 14:11 - 2012-10-02 19:02 - 00000000 ____D C:\Program Files (x86)\Avira 2016-03-01 14:06 - 2014-11-05 15:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-03-01 14:01 - 2012-12-09 15:26 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-01 13:49 - 2015-06-16 08:53 - 00001196 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core.job 2016-03-01 12:21 - 2014-12-03 14:18 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{261599DF-B78D-4986-93D8-1E134244C5C4} 2016-03-01 08:56 - 2016-01-16 12:35 - 02113870 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-03-01 08:56 - 2015-10-30 19:35 - 00898280 _____ C:\WINDOWS\system32\perfh007.dat 2016-03-01 08:56 - 2015-10-30 19:35 - 00201766 _____ C:\WINDOWS\system32\perfc007.dat 2016-03-01 08:56 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2016-03-01 08:53 - 2015-03-27 15:43 - 00000000 ___RD C:\Users\PinheiroLLB\Documents\Drives 2016-03-01 08:53 - 2015-03-27 15:42 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\HORNETDRIVE 2016-03-01 08:53 - 2014-11-05 15:21 - 00000000 ___RD C:\Users\PinheiroLLB\iCloudDrive 2016-03-01 08:53 - 2013-07-25 09:15 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Dropbox 2016-03-01 08:51 - 2016-01-16 12:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-03-01 08:51 - 2016-01-16 12:35 - 00000000 ____D C:\ProgramData\NVIDIA 2016-02-29 22:09 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-02-29 22:00 - 2014-06-03 17:32 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\Skype 2016-02-29 20:42 - 2015-06-17 13:57 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\AgileBits 2016-02-27 14:20 - 2016-01-16 12:36 - 00000000 ____D C:\Users\PinheiroLLB 2016-02-27 12:31 - 2015-07-03 09:51 - 00000000 ____D C:\Users\PinheiroLLB\Desktop\Dirk Projekte 2016-02-27 12:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-27 12:01 - 2014-11-05 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-02-27 11:50 - 2016-01-16 12:47 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Packages 2016-02-27 10:38 - 2015-05-23 13:15 - 00000000 ____D C:\Program Files (x86)\StarMoney 10 2016-02-26 13:54 - 2012-10-07 14:55 - 00000974 _____ C:\WINDOWS\Brpfx04a.ini 2016-02-26 12:08 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-26 12:07 - 2015-03-21 20:46 - 00000000 ___RD C:\Users\PinheiroLLB\OneDrive 2016-02-26 11:15 - 2012-10-23 14:02 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Roaming\PC-FAX TX 2016-02-25 22:48 - 2016-01-17 16:30 - 00002437 _____ C:\Users\PinheiroLLB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-24 09:20 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-02-24 09:19 - 2013-10-09 12:24 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-02-22 12:03 - 2015-11-01 12:39 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-17 13:58 - 2016-01-16 12:32 - 00000000 ____D C:\Windows.old 2016-02-16 10:27 - 2014-06-03 17:32 - 00000000 ____D C:\ProgramData\Skype 2016-02-13 12:07 - 2014-11-05 15:21 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\Apple Inc 2016-02-12 09:29 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache 2016-02-10 20:43 - 2016-01-16 12:47 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-02-10 17:12 - 2015-10-30 19:44 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-10 12:47 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-10 12:47 - 2014-08-23 13:21 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-02-10 12:43 - 2014-08-23 13:21 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-02-10 10:29 - 2016-01-16 12:36 - 00000000 ____D C:\Users\Annabelle 2016-02-10 10:29 - 2015-08-27 16:44 - 00000000 ___RD C:\Users\Annabelle\iCloudDrive 2016-02-10 10:28 - 2015-08-27 16:36 - 00002354 _____ C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-10 10:28 - 2015-08-27 16:36 - 00002324 _____ C:\Users\Annabelle\Desktop\Google Chrome.lnk 2016-02-05 16:35 - 2015-11-26 17:38 - 00000000 ____D C:\ProgramData\RavensburgerTipToi3 2016-02-05 16:35 - 2015-11-26 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager 2016-02-05 16:34 - 2015-11-26 17:30 - 00000000 ____D C:\Users\PinheiroLLB\.oracle_jre_usage 2016-02-05 16:34 - 2014-10-09 15:32 - 00000000 ____D C:\ProgramData\RavensburgerTipToi 2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-03 17:41 - 2016-01-16 12:58 - 00000000 ____D C:\Users\PinheiroLLB\AppData\Local\MicrosoftEdge 2016-02-02 13:56 - 2012-12-09 15:26 - 00004190 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-02 13:56 - 2012-12-09 15:26 - 00003958 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-02-01 09:39 - 2015-04-30 09:34 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo 2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\ProgramData\Western Digital 2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\Program Files\Common Files\Western Digital 2016-02-01 09:03 - 2015-09-20 10:18 - 00000000 ____D C:\Program Files (x86)\Western Digital 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-02-01 01:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-06-12 14:45 - 2014-06-12 14:45 - 0038515 _____ () C:\Users\PinheiroLLB\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR 2015-02-03 09:30 - 2015-02-03 09:41 - 0000600 _____ () C:\Users\PinheiroLLB\AppData\Local\PUTTY.RND 2013-03-31 21:56 - 2015-04-19 15:52 - 0007636 _____ () C:\Users\PinheiroLLB\AppData\Local\resmon.resmoncfg 2012-12-12 15:36 - 2013-12-11 21:20 - 0000080 _____ () C:\Users\PinheiroLLB\AppData\Local\X-Plane Installer.prf 2012-12-12 10:59 - 2014-03-15 18:34 - 0000073 _____ () C:\Users\PinheiroLLB\AppData\Local\X-Plane_drm.prf 2012-12-12 11:03 - 2012-12-26 20:13 - 0000047 _____ () C:\Users\PinheiroLLB\AppData\Local\x-plane_install_10.txt 2016-03-01 13:35 - 2016-03-01 13:35 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp 2016-03-01 14:10 - 2016-03-01 14:10 - 0000000 _____ () C:\ProgramData\rebootpending.txt Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Users\PinheiroLLB\FSDreamTeam_GSX.reg C:\Users\PinheiroLLB\FSDreamTeam_JFK V2.reg C:\Users\PinheiroLLB\FSDreamTeam_JFK.reg C:\Users\PinheiroLLB\FSDreamTeam_KLAS.reg C:\Users\PinheiroLLB\FSDreamTeam_Los Angeles V2.reg C:\Users\PinheiroLLB\QualityWings_Ultimate 757 Collection.reg Einige Dateien in TEMP: ==================== C:\Users\Annabelle\AppData\Local\Temp\avgnt.exe C:\Users\PinheiroLLB\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-02-29 15:31 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-02-2016 durchgeführt von XXX(2016-03-01 15:25:27) Gestartet von C:\Users\PinheiroLLB\Desktop Windows 10 Home Version 1511 (X64) (2016-01-16 11:47:43) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-942671010-3624539665-887436449-500 - Administrator - Disabled) Annabelle (S-1-5-21-942671010-3624539665-887436449-1005 - Limited - Enabled) => C:\Users\Annabelle DefaultAccount (S-1-5-21-942671010-3624539665-887436449-503 - Limited - Disabled) Gast (S-1-5-21-942671010-3624539665-887436449-501 - Limited - Disabled) YYYY (S-1-5-21-942671010-3624539665-887436449-1000 - Administrator - Enabled) => C:\Users\PinheiroLLB UpdatusUser (S-1-5-21-942671010-3624539665-887436449-1002 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Active Sky Advanced (HKLM-x32\...\{9B091E1C-781A-4769-9A8D-9AFB6A39EBCC}) (Version: 1.00.0316 - HiFi Flightware) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\{BCFB58FF-181E-472F-A9DB-827B75C1EDF7}) (Version: 12.0.4.144 - Adobe Systems, Inc) Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft) Aerosoft's - Airbus A318-A319 - PREPAR3D V2.x (HKLM-x32\...\Airbus A318-A319 - PREPAR3D V2.x) (Version: 1.00 - Aerosoft) Aerosoft's - Airbus X Extended - FSX (HKLM-x32\...\Airbus X Extended - FSX) (Version: 1.16 - Aerosoft) Aerosoft's - Airbus X Extended - PrePar3D (HKLM-x32\...\Airbus X Extended - PrePar3D) (Version: 1.16 - Aerosoft) Aerosoft's - Anchorage X (HKLM-x32\...\{3D88DF20-8778-422F-933D-4C4D74210045}) (Version: 1.00 - Aerosoft) aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: 9.2.2.0 - aerosoft) Aerosoft's - Manhattan X (HKLM-x32\...\{6ED3756D-BA23-4938-94F9-7C2BFC9B86FC}) (Version: 1.20 - Aerosoft) aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.04 - aerosoft) aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.10 - aerosoft) aerosoft's - USCitiesX - San Francisco (HKLM-x32\...\{DF91C497-0315-43F9-BB85-24D82FE5B11A}) (Version: 1.01 - aerosoft) Airbus Series 2 - Evolution Upgrade (FSX) (HKLM-x32\...\Airbus Series 2 - Evolution Upgrade (FSX)) (Version: - ) Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Airbus Series Vol.2 (FS X)) (Version: - ) Airport Amsterdam (HKLM-x32\...\Airport Amsterdam) (Version: 1.0.0.0 - Aerosoft GmbH) Airport Zurich (HKLM-x32\...\Airport Zurich) (Version: 1.1.0.0 - Aerosoft GmbH) AivlaSoft EFB (HKLM-x32\...\AivlaSoft EFB) (Version: 1.3.7 - AivlaSoft GmbH) AlacrityPC (HKLM-x32\...\{B6D0F294-B844-4FAF-9993-FAC10E9E0F94}) (Version: 1.0.0 - Ken Salter) Amazon Kindle (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) BlackBox Simulation - Airbus Xtreme (Prologue) (HKLM-x32\...\BlackBox Simulation-Airbus Xtreme (Prologue)) (Version: 0.75.0 - BlackBox Simulation) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brother MFL-Pro Suite MFC-7440N (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.) calibre (HKLM-x32\...\{1752D07B-9BEB-414F-9B51-AA529101F0E5}) (Version: 0.9.12 - Kovid Goyal) Canon SELPHY CP800 (HKLM\...\Canon SELPHY CP800) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.) Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software) Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software) cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.) FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse) Firefox Browser (remove only) (HKLM-x32\...\Firefox Browser) (Version: - ) FlightParis Bundle (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\FlightParis Bundle) (Version: - ) FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden FS Global 2010 (HKLM-x32\...\FS Global 2010) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden HORNETDRIVE (HKLM-x32\...\HORNETDRIVE) (Version: 3.3.1.1086 - antispameurope GmbH) iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.) iFly Jets - The 747-400 V2 for FSX - Hotfix 1 (HKLM-x32\...\iFly Jets - The 747-400 V2 for FSX - Hotfix 1) (Version: - ) iFly Jets - The 747-400 V2 for FSX (HKLM-x32\...\iFly Jets - The 747-400 V2 for FSX) (Version: - ) iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - ) LFPN - Toussus Le Noble FSX (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\LFPN - Toussus Le Noble FSX) (Version: - ) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft ESP SimConnect Client v1.0.20.0 (HKLM-x32\...\{C0A9FCC1-9725-4679-8AC2-FE501B139B63}) (Version: 1.0.20.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.60905.0 (HKLM-x32\...\{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}) (Version: 10.0.60905.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation) Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4797.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NavDataPro (HKLM-x32\...\NavDataPro) (Version: 1.0.1.6 - Aerosoft GmbH) NVIDIA 3D Vision Controller-Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation) NVIDIA Grafiktreiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Paragon Festplatten Manager 10 - Drive Backup (HKLM-x32\...\{F8013DD1-574B-4921-A473-88A2F7A34D16}) (Version: 90.00.0003 - Paragon Software) Paragon Festplatten Manager 10 - Partition Manager (HKLM\...\{986A654F-F1E4-11DD-9FCA-005056C00008}) (Version: 90.00.0003 - Paragon Software) Parallels runtime modules (x32 Version: 1.00.0000 - Parallels) Hidden Parallels USB Driver (x32 Version: 6.00.23046 - Parallels) Hidden PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.) PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.) PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6061 - PMDG Simulations, LLC.) PMDG MD-11 (FSX version of COMBO) (HKLM-x32\...\{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}) (Version: 1.00.0003 - Precision Manuals Development Group) PMDGMD11X_GE_AA (HKLM-x32\...\{ABB4DB59-0284-414D-9346-4992E1856E7F}) (Version: 1.00.0000 - Precision Manuals Development Group) PMDGMD11X_GE_LH (HKLM-x32\...\{3DB1F8B4-96A5-45B8-9C50-CB5828A0B1C6}) (Version: 1.00.0000 - Precision Manuals Development Group) PMDGMD11X_PW_SR1 (HKLM-x32\...\{E5F249B9-4A7F-482E-951D-005F47F06A43}) (Version: 1.00.0000 - Precision Manuals Development Group) PMDGMD11XF_GE_LHF (HKLM-x32\...\{93ACD680-40F5-4D37-BC07-52FD96AFDDCD}) (Version: 1.00.0000 - Precision Manuals Development Group) Prepar3D v2 Academic (HKLM-x32\...\{92B3FF8A-3C33-4EFC-850D-CF29E54292D9}) (Version: 2.4.11570.0 - Lockheed Martin) Prepar3D v2 Academic (x32 Version: 2.0.9448.0 - Lockheed Martin) Hidden Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.19 - aerosoft) RAAS Professional by FS2Crew (LOCKED) (HKLM-x32\...\RAAS Professional by FS2Crew (LOCKED)) (Version: - ) Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.) REX Essential Plus Overdrive (HKLM-x32\...\{9F30A684-44DC-4BDF-89ED-70F9021B851F}) (Version: 3.5.2012.1029 - REX Game Studios) SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.) Sigel Beschriftungs-Software für Überweisung und Lastschrift (HKLM-x32\...\Sigel Beschriftungs-Software für Überweisung und Lastschrift) (Version: - ) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.) Smart Technology Programming Software 7.0.19.4 (HKLM\...\{1970C821-567B-415F-982C-134CB8FB8DAA}) (Version: 7.0.19.4 - Mad Catz) SnapAPI (x32 Version: 4.2.709 - Acronis) Hidden SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden StarMoney 10 (HKLM-x32\...\{86B730BC-FFDF-4B50-9127-851A6F152A68}) (Version: 10 - Star Finanz GmbH) StarMoney 8.0 (HKLM-x32\...\{EF2BE7ED-FE44-49B4-A6C3-919CE4790FDE}) (Version: 8.0 - Star Finanz GmbH) Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version: - ) Streamripper Plugin 1.61.27 (Remove only) (HKLM-x32\...\Streamripper.Plugin) (Version: - ) sv.net (HKLM-x32\...\sv.net) (Version: 15.0 - ITSG GmbH) syngo fastView (HKLM-x32\...\{4CF46E90-60EC-4177-9BE7-5F4BE89BC2E7}) (Version: VX57L38 - Siemens MedSW) tiptoi® Manager 3.0.9 (HKLM-x32\...\9978-5763-2995-5228) (Version: 3.0.9 - Ravensburger AG) TOPCAT 2.74 Beta 1 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.74 Beta 1 - FSS GmbH) UK2000 Heathrow Xtreme FSX (HKLM-x32\...\UK2000 Heathrow Xtreme FSX) (Version: 3.0 - UK2000 Scenery) Ultimate Terrain X - Europe (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Ultimate Terrain X - Europe) (Version: - ) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) vroute.info premium - 1 (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\b4d9024f4f0aca8c) (Version: 2.1.0.8 - vroute) vroute.info premium (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\e16201be0cba039f) (Version: 2.0.7.6 - vroute) WD Quick View (HKLM-x32\...\{4D0776BB-71B7-49A2-A439-24791A4620E1}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{37BF2365-3EC7-45E4-9D88-61489F932A0B}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{4C810612-124B-4610-93ED-EF7357EA3EDC}) (Version: 21.00.8480 - Buhl Data Service GmbH) X-FMC (HKLM-x32\...\{D215611B-8A8A-4914-9C23-2EF36D8926CF}) (Version: 2.02 - X-FMC) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_10\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942671010-3624539665-887436449-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {02D25461-8A94-4339-A4D5-72C73FD06B6C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {0F573DF1-69F4-4F53-BFBA-5FC40A9A94B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd) Task: {1532C4A2-9F69-4730-90F8-87E7A44A77EB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG Task: {1ED0FEE3-A4D0-4AF9-AAD3-505787FD7706} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {24C3E746-6452-459A-9E93-1D4A301F67D8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {24FE594B-CC16-4D77-9ED0-7C8E004CD7C2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {25C56614-3CEB-425E-B763-7EC3A508A8AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {2890FDBB-5547-411D-B472-DDE879ADECF1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe Task: {33CC8B4F-0F03-4A72-9D9B-A4E7A5401D58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {3C8E7229-112A-4E9D-95CD-B4653A68A123} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {42DFD782-7241-449A-9C16-3000CE033C0A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {450FDACD-9D90-47E7-BADD-C82B624584E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {4B09F0D2-A506-4779-9266-C98EA768DA2C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {4E59ED50-C5D8-4246-B1B7-C6ADB65E1BBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {4F953E1E-7E9C-4C24-AF6C-86D67D0CDE06} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {5749FA15-E717-4A30-B3C4-9BACA05290F3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {594C849D-DC95-4323-8508-0708E7A37F53} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {5BD7EE29-8843-48EB-A95A-6EA3038E324B} - System32\Tasks\{00710EDC-947D-4257-A20C-2F1780679420} => pcalua.exe -a C:\Users\PinheiroLLB\Downloads\HiJackThis204.exe -d C:\Users\PinheiroLLB\Downloads Task: {5F1EEA42-3777-40A9-8848-E702D088879E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {5F9C8D7F-FFD1-424B-9A3B-28358D50D00A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {6022AE36-967A-4366-A241-0B17AECD3994} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {63036FEE-3754-4790-89F4-1ED53D884167} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {68EE2EE5-CEE9-4781-8896-8CCACB349052} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {6E49DF11-B1BF-4839-B13B-43D9265A4662} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation) Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs Task: {72F91625-792E-40F4-AFDE-2057734E5437} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {772513A8-461E-40B1-87E1-4D62F8FABC73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.) Task: {7E0C0633-D75D-4E6A-AE88-7D42E6BB5D2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.) Task: {8632EC4F-0DF6-4982-A891-19549646C625} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG Task: {8C7F210B-7703-4060-A8DC-CBD99340D288} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {8CFC4F80-28AD-4DCB-9F59-BDB30B2DA204} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {93738455-319D-416A-B75D-67EA051F549C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {99D23324-7E7F-440F-84AE-619A09734666} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {9B3BF89F-8FEB-485D-9B24-A0A9B726B7AA} - System32\Tasks\{F52C3292-A378-48F7-A667-A31DC6B87BB1} => pcalua.exe -a C:\Users\PinheiroLLB\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall Task: {A798075D-9298-4A5C-8106-5A9354F2C71D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {B1F34822-C928-4172-BEC2-E216460AD834} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation) Task: {B49948F7-0663-4509-8CA6-74FD32D92D78} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {B57A3EAC-F055-412B-BC48-A3BCFD9A5CB1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {B6493125-CB5A-44E4-8066-2A83AEA5FC4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.) Task: {B9659609-4FBC-4382-83CF-A12B9611AA77} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {C1D527F1-8D21-4B03-96A2-9933D46769E2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {CB89D200-0D95-4C40-A985-BB43DDC565C3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {CBCB9AF3-FFCB-4AA5-9056-60961A31B62A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {CE93E2C0-739D-4B04-B488-81855FD931D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation) Task: {D2CCA1E3-A332-44F1-9A9A-4A1504CAA72E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {D7E167E5-6342-4269-86B4-3A08BD29135A} - System32\Tasks\{955920E4-E7F9-47CF-94C4-F8E6A61CB687} => pcalua.exe -a E:\.\windows\setup.exe -d E:\ -c .\windows Task: {DC69A008-8069-4715-B7E8-FB5259456527} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {DDCC7B16-F1DF-42C3-A419-6F0CE2D85D11} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation) Task: {E841B6A3-96C0-4E06-8611-A489C577F14A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs Task: {EAE387B3-2F6F-42BD-8A03-CF8A8B0EA352} - System32\Tasks\Western Digital\SmartWare\____Volume_cdbdcca7_0ca1_11e2_be20_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a93953b9_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.) Task: {F544E0DA-E797-45D4-A13A-609AFD9B3E99} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {FE2F7AF1-CDDD-4CB5-ACBF-B8D6C2318E16} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000Core.job => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-942671010-3624539665-887436449-1000UA.job => C:\Users\PinheiroLLB\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2012-10-07 14:55 - 2005-04-22 12:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () G:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2012-10-07 19:37 - 2010-03-15 10:28 - 00166400 _____ () G:\Program Files\WinRAR\rarext.dll 2014-08-12 09:11 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-01-22 09:43 - 2016-01-22 09:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-01-29 17:25 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-01-29 17:25 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll 2015-10-30 08:18 - 2015-10-30 19:44 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node 2015-10-30 08:18 - 2015-10-30 19:44 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node 2015-10-30 08:18 - 2015-10-30 19:43 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node 2016-01-16 12:32 - 2016-01-16 12:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-01-16 12:32 - 2016-01-16 12:32 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2016-01-22 09:43 - 2016-01-22 09:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-01-22 09:43 - 2016-01-22 09:43 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-02-22 12:03 - 2016-02-18 05:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll 2016-02-22 12:03 - 2016-02-18 05:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:74603393 AlternateDataStreams: C:\Users\PinheiroLLB\.DS_Store:AFP_AfpInfo ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\uni-koeln.de -> hxxps://vpngate.uni-koeln.de ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2006-11-02 13:34 - 2014-11-04 19:19 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-942671010-3624539665-887436449-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PinheiroLLB\AppData\Local\Microsoft\Windows\Themes\img17.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run32: => "ControlCenter3" HKU\S-1-5-21-942671010-3624539665-887436449-1000\...\StartupApproved\Run: => "SkyDrive" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{DABF8B65-4EAD-47C6-A76A-6975F9BF0179}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{9080D6F9-11C2-4943-BD3A-590E7206B865}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{D44E990A-1C0E-471A-ABE4-396F9F7F716C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{63AB1C45-34BD-4D72-AAA9-2579C3E52970}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{1DCDF590-12BC-412B-8E4D-EB237E660A9D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{34A0857F-C12A-4857-BAF3-F3183506780C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F5F240FD-C28C-475F-8D57-12FE0409FF6E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3DF0AC30-998F-4392-BDC9-04D11149AF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{46DB165E-B162-4947-BAED-DE0F73061D82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A06FB2EB-6751-4290-8ADF-808F1F95E459}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe FirewallRules: [{3FBA1DE5-90DB-4E5B-A899-EC39324C8758}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe FirewallRules: [{7D4A5320-14D6-4D2D-AAD6-14C4E76F22EB}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{26ABC75B-081D-4BFA-9E34-D779EC269C7C}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{1517D475-0977-4EB2-A9CC-8BBF78AE57FF}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{ABFCAD0D-7E63-4FF4-A893-347D268471B0}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{7E4A4DD7-EBE8-48E1-B6FD-8541EE2E117F}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{E9E752E9-5DEE-472B-A115-6EFF96E20235}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{B8F9E71D-A404-448E-B998-EB23552B5DE0}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe FirewallRules: [{79D79628-82B0-4F24-BAB8-2CF6172C7C32}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe FirewallRules: [{4D047BB9-FA13-412E-855D-692DBFA3A480}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{BFFDFB52-BD9A-4B44-A540-2D634D7713C1}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{D84594B8-98CF-407E-9821-BED784B894CB}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{F3943234-A711-4457-ACA4-5B150D204FA8}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{5B9AEDAF-67CD-4C6B-B1A7-3930D43F85DD}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{D26CE3FE-3718-4490-BDB0-2968380BE985}] => (Allow) G:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [UDP Query User{E0F078E5-80F8-432B-9BE2-6273EB952751}G:\program files (x86)\1password 4\1password.exe] => (Allow) G:\program files (x86)\1password 4\1password.exe FirewallRules: [TCP Query User{3BF9C57B-CEAB-4E39-8FA4-4F3768757B80}G:\program files (x86)\1password 4\1password.exe] => (Allow) G:\program files (x86)\1password 4\1password.exe FirewallRules: [{C1D66DB4-22F1-4051-9C54-F6B3BA25FE43}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe FirewallRules: [{0F552548-4FB8-4928-A0C4-91EB93ADF1D4}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe FirewallRules: [{BB98C012-9C7F-4C38-8F56-EE99D703B5BE}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{8630D67C-7F10-4BB6-8D44-29B9C6950C68}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{FE8617D4-1406-44EB-AD00-EC64AEFA4D78}] => (Allow) C:\Users\PinheiroLLB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{D79C223F-85B8-4E9B-8DAB-E30279A3E188}] => (Allow) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{507BDD47-791E-4A45-9CA4-875E7A922369}] => (Allow) C:\Users\PinheiroLLB\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{4C2A0F0D-84BC-46EE-9F39-67AFF1FAE1D2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{9B4613FA-3B91-4499-AA4F-95F2847B0063}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{FE01352C-66CD-45A2-8539-5E7220DEC187}] => (Allow) LPort=4500 FirewallRules: [{CF7056F1-23C0-4B24-A238-EB0C4ABB181E}] => (Allow) LPort=10000 FirewallRules: [{D85A221E-73D2-47CD-8A86-CA370C816E06}] => (Allow) LPort=500 FirewallRules: [UDP Query User{F8D61252-179D-4599-9382-7B1513B8BE84}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe FirewallRules: [TCP Query User{DB04BFEF-4A51-4A8D-95B8-4F99B034EF3C}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended_ipad_mod_v1.4.exe FirewallRules: [UDP Query User{A9CBE811-BD24-49BF-8E15-580CF9FC98F1}H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe FirewallRules: [TCP Query User{82786FD4-1425-4C05-BE85-B725BCC2C878}H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) H:\program files (x86)\lockheed martin\prepar3d v2\aerosoft\airbus x extended\airbusxconnectextended.exe FirewallRules: [{D093013E-0821-41DA-83D4-6EEEFFD480B9}] => (Allow) H:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe FirewallRules: [{3A762963-6493-4B6D-9EB3-B14251B0BC95}] => (Allow) H:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe FirewallRules: [UDP Query User{5A31A57E-D4CC-4318-8FD7-A3ABE2BCA9BC}F:\program files\ivao\ivai\ivai.exe] => (Allow) F:\program files\ivao\ivai\ivai.exe FirewallRules: [TCP Query User{DDEC5E28-CC7C-4CB9-A741-3E24FE1AEED1}F:\program files\ivao\ivai\ivai.exe] => (Allow) F:\program files\ivao\ivai\ivai.exe FirewallRules: [{51038772-1D25-49D1-8BE6-3F939F655994}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{5D30B5BE-E3D4-42F1-80C9-5045A31DE548}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [UDP Query User{67AC74AE-F3E2-4095-9813-744AB8E0C987}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe FirewallRules: [TCP Query User{4B96B91D-C891-4850-BADD-529CD5EBE506}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.displayunit.exe FirewallRules: [UDP Query User{72B00CC3-A400-41D8-A027-C8482C163A11}C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{3E711164-2730-4735-AE10-8D8E0A393D4B}C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\pinheirollb\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{E28D8A5E-6ADD-43CF-8702-E18FAF86D751}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe FirewallRules: [TCP Query User{8D50B573-4756-4BC8-8EA8-8DE1E888C5E1}F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe] => (Allow) F:\program files (x86)\aivlasoft\efb\aivlasoft.efb.dataprovider.exe FirewallRules: [{3E31C00A-5DC9-4B81-B4C3-3710D245EF2C}] => (Allow) LPort=1900 FirewallRules: [{7220DCA1-8511-4950-B0AD-E1CCD4AF7B42}] => (Allow) LPort=2869 FirewallRules: [{36FCB705-AC62-43A4-9927-E6682197E73D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{19D68882-2617-4759-B846-B5A344854A41}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{F91326F8-3F6A-458C-AA30-F0E7F8C00319}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [UDP Query User{6B7C2993-BAA9-40BB-88E5-ECF227ACADC0}H:\x-plane 10\x-plane-32bit.exe] => (Allow) H:\x-plane 10\x-plane-32bit.exe FirewallRules: [TCP Query User{3F36C02A-F6EE-4F7D-8CF5-19B1AACBA089}H:\x-plane 10\x-plane-32bit.exe] => (Allow) H:\x-plane 10\x-plane-32bit.exe FirewallRules: [UDP Query User{D02E9227-ECD3-4C95-BCAE-7AEA76AA77BC}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe FirewallRules: [TCP Query User{DFF071A9-8E9F-4041-848E-AE65E30CC6FA}F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe] => (Allow) F:\microsoft games\microsoft flight simulator x\aerosoft\airbus x extended\airbusxconnectextended.exe FirewallRules: [UDP Query User{EFAE5E0B-AB66-46BC-B914-8E5E23EAD514}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe FirewallRules: [TCP Query User{3ADA6EFB-0E17-40CE-B989-8515A78E35A7}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe FirewallRules: [{AFFA48EF-62B0-4D5B-A60A-30EEDE5D6A7C}] => (Allow) LPort=54925 FirewallRules: [{1D481604-9168-4D80-8823-E8EB9A391C0F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe FirewallRules: [{859F9BF3-5318-4FAD-8E64-B3ECF1BC1F1A}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe FirewallRules: [{858C7A23-E377-463C-9637-DF2046E41CF8}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe FirewallRules: [{5D17DB09-8083-4EE6-A9F0-31388644D735}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe FirewallRules: [{3CF72D51-4E7A-4E4D-9BAC-A9124934E19B}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{1C9BDFCE-7C41-45A9-9784-8669270E2371}] => (Allow) G:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{E9D1C01F-8F2E-45F9-80A7-C5366AF5719E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EE1E4EFA-EBFF-4241-914D-5F0151A50170}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{40291CBD-534A-4967-815A-104A7910DD39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EE9F1749-47FC-4F7D-AEB9-4A1B3E664280}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{83973102-9920-47E8-8CE9-BED29C2CED10}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{445E180C-2AE7-4FEF-A1CC-248CD1C0FBB5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{EB36A764-5C91-4C27-ABFB-557AE031B835}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.) Description: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/01/2016 03:21:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x2dac Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (03/01/2016 03:19:53 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (03/01/2016 03:08:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x1fd4 Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (03/01/2016 03:04:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x35c0 Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (03/01/2016 03:01:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x15e0 Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (03/01/2016 03:00:19 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler4 Error: (03/01/2016 03:00:19 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (03/01/2016 02:05:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 15.0.4797.1003, Zeitstempel: 0x56bf0292 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x2788 Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0 Pfad der fehlerhaften Anwendung: WINWORD.EXE1 Pfad des fehlerhaften Moduls: WINWORD.EXE2 Berichtskennung: WINWORD.EXE3 Vollständiger Name des fehlerhaften Pakets: WINWORD.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WINWORD.EXE5 Error: (03/01/2016 02:04:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.20.0, Zeitstempel: 0x5551e31d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e002f ID des fehlerhaften Prozesses: 0x2fac Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0 Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1 Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2 Berichtskennung: AppleChromeDAV.exe3 Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5 Error: (03/01/2016 01:36:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Earth1) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Systemfehler: ============= Error: (03/01/2016 03:00:48 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "StarMoney 8.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "WD Drive Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/01/2016 03:00:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "StarMoney 10 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2016-03-01 14:57:12.784 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:57:12.769 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:33.191 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:33.023 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:32.914 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:32.804 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:32.705 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:32.594 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:32.417 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 14:53:32.347 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz Prozentuale Nutzung des RAM: 35% Installierter physikalischer RAM: 8147 MB Verfügbarer physikalischer RAM: 5268.45 MB Summe virtueller Speicher: 16339 MB Verfügbarer virtueller Speicher: 13833.02 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:118.7 GB) (Free:33.48 GB) NTFS Drive d: () (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive f: (FSX) (Fixed) (Total:244.14 GB) (Free:164 GB) NTFS Drive g: (Programme) (Fixed) (Total:48.83 GB) (Free:45.78 GB) NTFS Drive h: (XPlane) (Fixed) (Total:292.97 GB) (Free:213.16 GB) NTFS Drive i: (Data) (Fixed) (Total:345.56 GB) (Free:290.3 GB) NTFS Drive j: (Backup HD) (Fixed) (Total:931.51 GB) (Free:654.3 GB) NTFS Drive l: () (Fixed) (Total:14.9 GB) (Free:12.65 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 7DB1A4CF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7F75FE5A) Partition 1: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 14.9 GB) (Disk ID: BD941F46) Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 28FDA0DC) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
Themen zu Win 10 Rogue.953320 Malware |
avira, code, datei, dateien, dnsapi.dll, explorer.exe, google analytics, infizierte, log, lsass.exe, malware, malware antivir entfernen, malwarebytes, modul, problem, programm, prozesse, recovery, recovery cd, sihost.exe, spoolsv.exe, svchost.exe, temp, tmp, trojanische pferd, versteckte, websites, windows, windowsapps, winlogon.exe |