Plagegeister aller Art und deren Bekämpfung: Download trojan Zonquadttax.exe (Windows 7). If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
25.10.2016, 13:32 | #1 |
| Download trojan Zonquadttax.exe During a scan, Malwarebytes found, among other things, a download trojan at C:\ProgrammData\focel\Zonquadttax.exe. In addition, I have the problem that my Firefox start page keeps being changed. Please help a 68-year-old with only half-knowledge of computers. THANK YOU !!! |
25.10.2016, 14:32 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Download trojan Zonquadttax.exe Hi and
__________________ Please do not attach logs; if necessary, split them and post them across several posts. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post them directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows:
__________________ |
25.10.2016, 14:49 | #3 | |
| Download trojan Zonquadttax.exe Code:
|
25.10.2016, 14:49 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Download trojan Zonquadttax.exe Scan with Farbar's Recovery Scan Tool (FRST). Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post them directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
25.10.2016, 15:14 | #5 |
| Download trojan Zonquadttax.exe First of all, many thanks for the help. Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17-10-2016 durchgeführt von martinha (25-10-2016 16:09:25) Gestartet von C:\Users\martinha\Desktop Windows 10 Enterprise Version 1607 (X64) (2016-10-01 10:28:02) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3971317600-4276828187-4244599763-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3971317600-4276828187-4244599763-503 - Limited - Disabled) Gast (S-1-5-21-3971317600-4276828187-4244599763-501 - Limited - Disabled) rauter (S-1-5-21-3971317600-4276828187-4244599763-1006 - Administrator - Enabled) => C:\Users\rauter Support (S-1-5-21-3971317600-4276828187-4244599763-1001 - Administrator - Enabled) => C:\Users\Support ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acronis Backup 11.5 Agent Core (HKLM-x32\...\{CE226895-5910-47CE-8A28-5D7D907A4FFF}) (Version: 11.5.38573 - Acronis) Acronis Backup 11.5 Agent für Windows (HKLM-x32\...\{703EE602-5FB5-4592-9388-FE1D2C20F363}) (Version: 11.5.38573 - Acronis) Acronis Backup 11.5 Bootable Media Builder (HKLM-x32\...\{EE1BE3AE-B8DB-4DBB-AC9F-F9B54AC2C52E}) (Version: 11.5.38573 - Acronis) Acronis Backup 11.5 Command-Line Tool (HKLM-x32\...\{13CAA62E-4226-4B29-BB1A-23DC92CE4B6A}) (Version: 11.5.38573 - Acronis) Acronis Backup 11.5 Management Console (HKLM-x32\...\{90BE6C97-1F7A-4F35-9876-FA62CE20D2C9}) (Version: 11.5.38573 - Acronis) Acronis Backup 11.5 Tray Monitor (HKLM-x32\...\{0402F389-E3BD-47B7-AAAD-D2B4DAA8F90B}) (Version: 11.5.38573 - Acronis) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-Bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Capella Micro CM3218x SPB Driver (HKLM-x32\...\CM3218x) (Version: 1.1.1.0 - Capella Microsystems, Inc.) 
Configuration Manager Client (Version: 5.00.8412.1000 - Microsoft Corporation) Hidden Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc) EasyGPS 5.23.0.0 (HKLM-x32\...\EasyGPS_is1) (Version: 5.23.0.0 - TopoGrafix) Elevated Installer (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden Garmin TOPO Deutschland V7 PRO (HKLM-x32\...\{340A2FCE-F4B5-4F80-8AEE-F72D55711F83}) (Version: 7.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries) GDR 6241 für SQL Server 2008 (KB 3045311) (HKLM-x32\...\KB3045311) (Version: 10.4.6241.0 - Microsoft Corporation) Gesture Control (HKLM-x32\...\{7777DD46-E32D-44FE-A08B-AF83CD8FB54C}) (Version: 6.1.163.8 - Lenovo) Gigaset QuickSync (HKLM\...\{192f673d-d310-4488-96da-4a4bfcd6ab2b}) (Version: 8.6.0875.1 - Gigaset Communications GmbH) HP Deskjet 1000 J110 series - Grundlegende Software 
für das Gerät (HKLM\...\{CED47C99-8892-4956-BCA7-CC3123531371}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Deskjet 1000 J110 series Hilfe (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.5.32.37 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.) Inst5676 (Version: 8.01.42 - Softex Inc.) Hidden Integrated Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10252 - Realtek Semiconductor Corp.) Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4206 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation) Intel(R) Wireless Bluetooth(R)(patch version 17.1.1512.771) (HKLM\...\{302600C1-6BDF-4FD1-1501-148929CC1385}) (Version: 17.1.1501.0514 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation) iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.) 
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden Lenovo Anzeige am Bildschirm (Version: 8.80.10 - Lenovo) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - ) Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.11.06 - Lenovo) Lenovo QuickConnect NFC Utility (HKLM-x32\...\{7C8A2D9F-10CF-4071-BFE4-6B0843A6302E}_is1) (Version: 2.0.0.54 - Lenovo Group Limited) Lenovo QuickControl (HKLM-x32\...\{ABA0A3F7-649E-4338-BDC9-18437D9699D6}) (Version: 2.40 - Lenovo Group Limited) Lenovo Settings - Power (x32 Version: 2.00.000 - Lenovo) Hidden Lenovo Solution Center (HKLM\...\{558E50EE-5E2D-479A-A455-8A826191583B}) (Version: 3.3.004.00 - Lenovo) Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.067.00 - Lenovo) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo) Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo) Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo) Lexware Abschreibungsrechner (x32 Version: 15.00.00.0006 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware büro easy 2016 (x32 Version: 29.04.00.0114 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware büro easy plus 2016 (HKLM-x32\...\{17d7e319-ac59-4a31-84cb-3009092079e2}) (Version: 29.4.0.114 - Haufe-Lexware GmbH & Co.KG) Lexware Datenbank plus 2016 (x32 Version: 16.00.00.0097 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Elster (x32 Version: 16.05.00.0033 - Haufe-Lexware 
GmbH & Co.KG) Hidden Lexware Elster 2016 (HKLM-x32\...\{c9c745c2-74e4-454e-91e0-ca041e6ed42c}) (Version: 16.5.0.33 - Haufe-Lexware GmbH & Co.KG) Lexware Info Service (x32 Version: 16.00.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (HKLM-x32\...\{6FF55A3A-4E59-4CF8-9248-2EE747168B3E}) (Version: 5.01.00.0040 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (x32 Version: 22.04.00.0043 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware PDF-Export 5 (x32 Version: 5.00.01.0009 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware reisekosten 2016 (HKLM-x32\...\{8a317b7d-5b5c-49d3-bc29-71a1c3f03f76}) (Version: 16.2.0.161 - Haufe-Lexware GmbH & Co.KG) Lexware reisekosten plus 2016 (x32 Version: 16.02.00.0211 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Services (x32 Version: 4.00.00.0066 - Haufe-Lexware GmbH & Co.KG) Hidden Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Managed Windows Defender (Version: 4.7.0214.0 - Microsoft Corporation) Hidden Manager (x32 Version: 4.1.4.27792 - 2015 pdfforge GmbH. 
All rights reserved) Hidden Metric Collection SDK (x32 Version: 1.1.0008.00 - Lenovo Group Limited) Hidden Metric Collection SDK 35 (x32 Version: 1.2.0011.00 - Lenovo Group Limited) Hidden Microsoft Dynamics CRM 2015 für Microsoft Office Outlook (HKLM\...\Microsoft CRM Client) (Version: 7.1.0001.3113 - Microsoft Corporation) Microsoft Dynamics CRM für Outlook Update 1.0 (KB3056327) (HKLM\...\KB3056327_Client_1031) (Version: 7.1.0000.1074 - Microsoft Corporation) Microsoft Dynamics CRM für Outlook Update 1.1 (KB3072333) (HKLM\...\KB3072333_Client_1031) (Version: 7.1.0001.3113 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.7369.2038 - Microsoft Corporation) Microsoft Online Services-Anmeldeassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation) Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{65F3578A-F54F-4402-A9B1-E36B06976706}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.4.6000.29 - Microsoft Corporation) Microsoft SQL Server 2008 Native Client (HKLM\...\{F5A944B8-426D-4A6A-BE6F-DAAA957CA50D}) (Version: 10.4.6000.29 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{AE70D6C9-AF27-405C-9BF7-7D7AB70AC177}) (Version: 10.4.6241.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{F0DA699A-5279-49F2-AC5C-1BA58B3CC613}) (Version: 3.5.8082.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU 
(HKLM\...\{419A1C86-B998-4395-A848-AA95E8869E13}) (Version: 3.5.8082.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.4.6000.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) ModemAuthenticator (HKLM-x32\...\{C19BC2FE-B85D-42E3-B7FE-1628B2E22298}) (Version: 1.0.7 - Intel Mobile Communications) Mozilla Firefox 47.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 de)) (Version: 47.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla) Net at Work Mail Gateway Outlook add-in (HKLM-x32\...\{9bb32908-fa74-4345-b108-b7e371dd1e22}) (Version: 8.5.164.0 - Net at Work Netzwerksysteme GmbH) Net at Work Mail Gateway Outlook Add-in (Version: 8.5.164.0 - Net at Work Netzwerksysteme GmbH) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) 
Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden OfficeMaster Client G5 (x86) (HKLM-x32\...\{efa9fdfb-f1cc-49fb-81ab-14878b2e8f7a}) (Version: 5.21.29362 - Ferrari electronic AG) OSM generic routable(GRC) (HKLM-x32\...\OSM generic routable(GRC)) (Version: - ) PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH) PDF Architect 4 Create Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 Edit Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 View Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.2 - pdfforge GmbH) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Plantronics CSR Driver (64-bit) (Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics CsrDfu Installer (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics HidDfu Installer (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater (HKLM-x32\...\{f3913714-6d44-49ee-9526-a47d548f2334}) (Version: 3.1.51094.21292 - Plantronics, Inc.) Plantronics MyHeadset Updater (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater Device Handlers (32-bit) (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater DFU Handlers (32-bit) (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater Install Check (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater MLS (Version: 3.0.0.0 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater Runtime (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater Startup (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.) 
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
Rossmann Fotowelt Software (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.14.5. - ORWO Net)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Service Pack 4 für SQL Server 2008 (KB2979596) (HKLM-x32\...\KB2979596) (Version: 10.4.6000.29 - Microsoft Corporation)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.3.0.658 - Lenovo)
Sierra Wireless EM7345 4G LTE Software (HKLM-x32\...\SWIIntelDrvInstaller) (Version: 2.5.10640.4317 - Sierra Wireless, Inc.)
Sign Live! CC Sparkassen-Edition 6.3 (HKLM\...\SIGNLIVE_CC_Sparkassen_Edition_6_3_is1) (Version: 6.3 - intarsys consulting GmbH)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snip (HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\{525d439e-e22a-4221-8fd1-25b845fe0038}) (Version: 0.1.5119.0 - Microsoft Corporation)
Snip (x32 Version: 0.1.5119.0 - Microsoft) Hidden
Sophos SSL VPN Client 2.1 (HKLM-x32\...\Sophos SSL VPN Client) (Version: 2.1 - )
Sql Server Customer Experience Improvement Program (x32 Version: 10.4.6000.29 - Microsoft Corporation) Hidden
Start Menu (HKU\S-1-5-21-1278887282-1552680147-1237208637-500\...\Pokki_Start_Menu) (Version: 0.269.4.145 - Pokki)
Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten (HKLM\...\{28F4BC72-75AE-47DD-B5B3-2A027BCA48A7}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.85 - Synaptics Incorporated)
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{87E2D28A-EEE2-4C3C-B0C1-CDA986B3C42E}) (Version: 4.5.503.0 - Synaptics)
System Center Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.7.214.0 - Microsoft Corporation)
tax 2015 Professional (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.00.8811 - Buhl Data Service GmbH)
tax 2016 Professional (HKLM-x32\...\{30E85B0C-57D8-4ECE-814B-264550A92FAB}) (Version: 23.00.1146 - Buhl Data Service GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.36 - Lenovo)
ThinkPad Settings Dependency (Version: 3.0.1.29 - Lenovo) Hidden
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.8.911.2013 - Lenovo)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.70.2.0 - Lenovo Group Limited)
TimeTracking Outlook AddIn (HKLM-x32\...\{092C9DD6-6641-4DEC-B607-E0C5C8901A24}) (Version: 4.2.0 - proMX GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation)
Windows-Treiberpaket - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Intel (e1dexpress) Net (03/13/2014 12.11.77.1) (HKLM\...\8B9947A3FCC81D9507E333A63C6CC56E091BA6DB) (Version: 03/13/2014 12.11.77.1 - Intel)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC (11/15/2013 12.8.10.1005) (HKLM\...\D25E6F494D3225DFE05884186452E2C79AF2E506) (Version: 11/15/2013 12.8.10.1005 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.04.05 (12/17/2013 1.67.04.05) (HKLM\...\68ECF461D6E85BB67AFC110D2FEBF1955C9F26B5) (Version: 12/17/2013 1.67.04.05 - Lenovo)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows-Treiberpaket - Synaptics (SmbDrv) System (04/07/2014 18.0.7.40) (HKLM\...\FB2627FE59EA6DAD058B4A4C82647DC162F8723D) (Version: 04/07/2014 18.0.7.40 - Synaptics)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/07/2014 18.0.7.40) (HKLM\...\5879A8A324E612CD4CB110632BF1186381FA46F0) (Version: 04/07/2014 18.0.7.40 - Synaptics)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1278887282-1552680147-1237208637-1224_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1278887282-1552680147-1237208637-1224_Classes\CLSID\{9E90BC4A-C30F-4BB1-AE57-757E5089FFE2}\InprocServer32 -> C:\Users\martinha\AppData\Local\TimeTrackingOutlookAddIn20\adxloader64.dll ()

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {083BCDAD-F56A-4C27-BE44-774922CCD363} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {0BE19FBC-CA7F-4E92-BB05-C5FB6A148AEF} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {12C523F8-40DC-4032-A176-15EEBCBCB005} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-1224 -> Keine Datei <==== ACHTUNG
Task: {140BC594-94C0-44FF-9361-DD926C3D1663} - \WPD\SqmUpload_S-1-5-21-3971317600-4276828187-4244599763-1001 -> Keine Datei <==== ACHTUNG
Task: {15E0C3AA-2D89-42F6-ACD0-437661FA0E3D} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01] (Oracle Corporation)
Task: {24E826E0-421F-46F3-9079-3B6AF34B1266} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-13] (Realtek Semiconductor)
Task: {2A14A12F-2298-4FB4-9578-B1B780364B54} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\martinha@IT-CONSULT.NET\Report update status -> Keine Datei <==== ACHTUNG
Task: {2A8541BC-F922-4E2C-B70F-55DED8A51555} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-1332 -> Keine Datei <==== ACHTUNG
Task: {2F6A7B13-A044-42CD-9875-CEECB3D2A2DE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4793A9E9-69AF-454E-83AE-86B63EA9556B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {47C8B51B-7854-42DF-9BAA-E98FFDA1DF5B} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Maintenance
Task: {49312AC5-D52B-4B18-8DED-5C3155204076} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-12] (Microsoft Corporation)
Task: {4A174699-4C93-4E5F-B2C1-865C43C808AE} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {4AEAD71D-051E-457E-A6D2-CF61297EB5DF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {4CC90EA5-155F-4747-97A0-10D0358DC769} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {507F2F84-124F-402E-8AD7-BA299752F2B3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation)
Task: {5085AB57-C81A-4C1B-ABDD-12717E4A2C0C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5D6C7DFE-6F2A-4CC1-8490-ED9E41186CCC} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2016-06-20] (Microsoft Corporation)
Task: {63E32C29-8092-4EB3-854A-7D9A5C31EA8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {69E8B51E-A33C-4C3E-B581-78F198FD91CB} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {6A9E64BA-B5B6-4A1E-9ACE-003867676ACC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {6B215071-BCB2-4440-86B6-E4562B4F8EBF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-08-24] ()
Task: {6FD832FD-6202-4B36-8BC3-8A868CA46227} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {74ED73D0-505C-45F3-8048-34765681F225} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-08-24] (Lenovo)
Task: {7CF2F00F-4AA7-4964-A72E-324597B6C93B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {7DB45B4A-2762-4441-BE74-2374B62F3FE5} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {81491D64-24FF-4A4F-B249-9ABD29CF3C50} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-13] (Realtek Semiconductor)
Task: {87D1761F-53E0-407A-8228-57BE9D17118F} - System32\Tasks\Kopiere Fahrtenbuch =>
Task: {880A47A6-108D-46A1-9A7E-242A7A11592B} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Passport for Work Certificate Enrollment Task => C:\WINDOWS\System32\Wbem\wmic.exe [2016-07-16] (Microsoft Corporation) <==== ACHTUNG
Task: {8D360885-0724-4AF3-9619-66A1B9EDEB6C} - System32\Tasks\LenovoQuickDisplay => C:\Program Files (x86)\Lenovo\QuickConnect NFC Utility\qdtap.exe [2014-03-05] (Lenovo)
Task: {8F4592C4-5D3D-4D3D-99E3-B39929FD11EC} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {8FD1E83C-3575-4685-8821-861B6A0C747F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
Task: {91294BE9-6728-4689-9382-A91C623B279C} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {948A9ECC-4088-4B37-916F-B87B3EE34036} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-1125 -> Keine Datei <==== ACHTUNG
Task: {979E16DA-189E-480C-979E-B9B0809A6605} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {9A1DD3BC-78AF-43E0-A442-F5FC96235BB2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-04-20] (Lenovo)
Task: {9F4289BE-5AC6-4042-9535-BF635D635D68} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {A046DC57-4CDD-479F-9334-E61CDBEBAA77} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A8CA310C-B9DE-4E33-A8F7-9F16A4BCC859} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {AAF2731B-22E4-4C00-80F1-A2C6CDA5F5F7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {AC7B9DFB-1931-468E-B0C9-C66643A99756} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {AF59060C-40DF-4877-845D-44058A3B2D05} - \WPD\SqmUpload_S-1-5-21-3971317600-4276828187-4244599763-1006 -> Keine Datei <==== ACHTUNG
Task: {B5EEA664-5383-4FE8-BC6E-E85B66D14C1C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation)
Task: {BF9954B5-6B28-48DD-9E72-2CC684417BD3} - \Microsoft\Windows\Setup\gwx\runappraiser -> Keine Datei <==== ACHTUNG
Task: {BFEA1D7E-B9F1-42F0-9F1F-AC0C0621B247} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {C4DA72FD-C613-409E-82B3-AD9FD59475FA} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-18922 -> Keine Datei <==== ACHTUNG
Task: {C75162A0-587E-49E2-AF7D-46F441F31D4D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-28] (Microsoft Corporation)
Task: {C795E956-ADB5-4D68-B762-3956C4DB9660} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {C843E6DE-61F7-48B7-BCED-263F48D4A1C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {CB32CD67-D8C1-4DED-AE7D-6EC45A4506C7} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-13] (Realtek Semiconductor)
Task: {D8CEED34-D22B-4D0B-97ED-6D0C384CAE8D} - System32\Tasks\Lenovo\Gesture Control => C:\Program Files (x86)\eyeSight\Gesture Control\GestureControl.exe [2014-07-31] (Lenovo)
Task: {DFC6C251-21C1-401B-8E47-83D90F885003} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-08-24] (Lenovo)
Task: {DFECBAE1-230A-4128-8E41-56CAA7D4D64C} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\martinha@IT-CONSULT.NET\Update connections -> Keine Datei <==== ACHTUNG
Task: {F05788F6-6910-4EA0-91E3-BBD9E4DA6CE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)
Task: {F3BE8384-6CA4-44FE-8317-AD089A72909E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F5CD90D4-9CB1-429A-B76A-9E46515C7462} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F72D0D12-F5F5-4261-9535-F5BBD795E302} - System32\Tasks\HPCeeScheduleFormartinha => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {F74E8997-9768-42BC-A19B-9013844CFA96} - System32\Tasks\Lexware Info Service Assistent => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [2015-09-29] (Haufe-Lexware GmbH & Co. KG)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormartinha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements (1).job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\martinha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-13 08:05 - 2016-09-15 19:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-02 22:32 - 2015-07-02 22:32 - 00023040 _____ () C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\firmwareupdaterservice.exe
2016-10-01 12:23 - 2016-10-01 12:05 - 00400896 _____ () C:\ProgramData\focel\focel.exe
2015-07-02 22:32 - 2015-07-02 22:32 - 00564224 _____ () C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareApp.exe
2016-09-20 19:26 - 2016-08-23 08:02 - 00213320 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2016-10-13 08:05 - 2016-09-15 19:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-01 12:33 - 2016-10-01 12:33 - 01864384 _____ () C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\amd64\ClientTelemetry.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-10-01 13:20 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-13 08:06 - 2016-10-05 11:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-13 08:06 - 2016-10-05 11:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-13 08:06 - 2016-10-05 11:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-13 08:06 - 2016-10-05 11:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-13 08:06 - 2016-10-05 11:13 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-13 08:06 - 2016-10-05 11:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-13 08:06 - 2016-10-05 11:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-11-07 15:23 - 2014-07-03 12:04 - 00915968 _____ () C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
2015-03-23 13:02 - 2015-03-23 13:02 - 00480992 _____ () C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
2016-10-20 07:45 - 2016-10-20 07:46 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-10-20 07:45 - 2016-10-20 07:46 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-20 07:45 - 2016-10-20 07:46 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-08-28 11:19 - 2016-08-28 11:20 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-28 11:19 - 2016-08-28 11:20 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-08-28 11:19 - 2016-08-28 11:20 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-08-28 11:19 - 2016-08-28 11:20 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-02-19 05:56 - 2014-02-19 05:56 - 00284552 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll
2014-02-19 05:56 - 2014-02-19 05:56 - 00327312 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll
2014-02-19 05:57 - 2014-02-19 05:57 - 00441760 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\FileTrace.dll
2016-08-31 10:02 - 2016-08-31 10:02 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2014-02-19 06:00 - 2014-02-19 06:00 - 00933568 _____ () C:\Program Files (x86)\Acronis\BackupAndRecovery\human_resolving_mms.dll
2014-02-19 05:58 - 2014-02-19 05:58 - 01931408 _____ () C:\Program Files (x86)\Acronis\BackupAndRecovery\msp_agent.dll
2016-06-18 15:40 - 2016-06-18 15:45 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\tmpod.dll
2016-06-18 15:41 - 2016-10-08 13:05 - 00039616 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconvpxy.dll
2016-10-01 12:33 - 2016-10-01 12:33 - 01383616 _____ () C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\ClientTelemetry.dll
2016-10-01 12:33 - 2016-10-01 12:33 - 00118976 _____ () C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\FileSyncViews.dll
2015-07-06 21:36 - 2015-07-06 21:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-06-19 00:55 - 2016-10-20 08:08 - 03593408 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
2016-06-18 15:40 - 2016-06-18 15:45 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll
2016-06-18 15:40 - 2016-10-08 07:45 - 01010376 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2016-02-18 14:01 - 00034972 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
13.69.186.195 global.bing.com
13.69.186.195 www.bing.com
13.69.186.195 cn.bing.com
13.69.186.195 bing.com
13.69.186.195 0search.internetquickaccess.com
13.69.186.195 1and1.com
13.69.186.195 22find.com
13.69.186.195 24img.com
13.69.186.195 7mcn.tvnewtabsearch.com
13.69.186.195 abcsearch.ru
13.69.186.195 airzip.inspsearch.com
13.69.186.195 alexnova.com
13.69.186.195 alles-im-inter.net
13.69.186.195 allinsearch.com
13.69.186.195 allsearch.ca
13.69.186.195 allsearch.space
13.69.186.195 alternativesearch.ru
13.69.186.195 amaizingsearches.info
13.69.186.195 amazon.smart-search.com
13.69.186.195 appiance.com
13.69.186.195 apps.searchalgo.com
13.69.186.195 asiasearch.co
13.69.186.195 ask.com
13.69.186.195 atajitos.com
13.69.186.195 autosearch.centurylink.com
13.69.186.195 autosearch.zoominternet.net
13.69.186.195 avg.com
13.69.186.195 avg.nation.com
13.69.186.195 awesomehp.com

Da befinden sich 836 zusätzliche Einträge.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\Control Panel\Desktop\\Wallpaper -> C:\Users\martinha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1278887282-1552680147-1237208637-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Lenovo\RedBurst.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: SpyHunter 4 Service => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "PasswordManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LexwareInfoService"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "PLTUpdater.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "iCloudServices"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{63D811CC-0593-4CBF-89D1-5FEA021016F1}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe
FirewallRules: [TCP Query User{13D127D9-DE3D-4FFC-B03A-C79C92F44061}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe
FirewallRules: [{069F42CC-6F6A-4D5C-80DE-6A44C6890967}] => (Allow) C:\Program Files (x86)\SQL Anywhere 16\Bin32\dbsrv16.exe
FirewallRules: [{89CCE8F7-9A4D-45A2-8E92-673E947B96A8}] => (Allow) C:\Program Files (x86)\SQL Anywhere 16\Bin32\dbsrv16.exe
FirewallRules: [{383F4C8B-A214-4794-8E03-4F402C83ABD3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{E64CFCDC-82F8-4E86-B76E-7682120BF6F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{B52B744A-A7F9-4584-887D-D80154673931}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{C85478E4-DB5E-433F-B3BF-A640C49CAE4E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{44743B7F-B6F3-4DBF-912D-099029708B2E}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS41F3\HPDiagnosticCoreUI.exe
FirewallRules: [{0EF2C4D0-0B07-4A0F-A843-990D1EDBA334}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS41F3\HPDiagnosticCoreUI.exe
FirewallRules: [{3BCC16BE-A280-4734-8C7E-151C801C5498}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS2E31\HPDiagnosticCoreUI.exe
FirewallRules: [{95C7F43C-A6C0-4E59-B1D7-AD3B7A900486}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS2E31\HPDiagnosticCoreUI.exe
FirewallRules: [{68D89644-8CE7-4A66-BFB6-1A5630050DCD}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS1CB2\HPDiagnosticCoreUI.exe
FirewallRules: [{8EB3B9CF-8884-4114-8317-AA6785354AAC}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS1CB2\HPDiagnosticCoreUI.exe
FirewallRules: [{EE807A6E-7F12-46C2-8A53-0CCE2BE169CC}] => (Allow) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
FirewallRules: [{5D66E0F6-95D0-4576-9DA0-F1E7E66D417C}] => (Allow) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
FirewallRules: [{B7023848-71CE-4F9C-B5FB-C7134D5D72D4}] => (Allow) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
FirewallRules: [{9D37163E-B31D-4720-B2AA-636A3C253E47}] => (Allow) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
FirewallRules: [{C74E0952-59C8-4FE2-B01E-536FEE5C6D91}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{CC074C17-6376-4518-ACCB-1147F94AA1B5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{8FF4582A-66B5-4FC6-BCE2-D45DC950286E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B21127DD-90B9-4BAF-B8FB-C1B5847D50E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{03A3FF36-2D7E-486D-B043-0D433F0F971B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F971BFF-9A17-4FB4-9DCA-75C415DFA3BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D9EE5824-8AF9-4510-BFAC-423F7E431C77}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E4F95422-6789-4244-9212-1591906F9832}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C104E45D-5715-4787-874D-6BA2E1D90235}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [UDP Query User{1A6BFFC7-9D09-469C-963C-40F17EA815EF}C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{2055DDB2-7E76-446E-9AC5-AE0082833902}C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9197BA06-4DD0-472F-B495-0CB81058E4B0}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [TCP Query User{297F51E6-A343-4C1B-B55B-93A7AA444460}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [{0274A9C0-94FF-4533-9040-83B3A5BFE5E2}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{BBF56B60-8922-4DE1-BCE1-AC1310C43454}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{5AF66E65-A16D-41DE-8227-9CAAE2E85A57}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E971ADB0-484F-4B6F-9D93-1AA21F21204C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{27208934-0015-4403-8AF3-C1DC3E4F1D3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E1D42AE-23EC-44AD-B983-5D80C0398F45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C209A5F7-CF49-4842-A679-4F04E956B719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AEF56502-915F-40D8-8C06-8F1E7B742929}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E3780AE3-CD78-41EE-A7F9-97F47DEB08C1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2F1B4DF4-922F-48F8-A78C-AE06F22CEA79}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6A1C1605-5278-402F-916F-6F9BD7A57E0A}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{7B130657-70AC-435C-B898-9C246086C901}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{A3CAF720-D9BD-4BF7-AAF6-C075F072126E}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{1FD41DE8-3A9A-4E1B-B6F6-D3AFB4DC376F}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{2E91EC70-1915-422F-BE79-FF1EE7858605}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{BA2850C7-0F4F-4E1D-9F9D-ED45054766FB}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{75EF22F2-5904-4BDE-88F0-9C3F1E52BA90}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{5ECCF999-7175-48D9-A642-058C342547F2}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{56D59956-ED0E-4AA3-B9D4-D398A152FDD9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F4CE020A-4C80-4267-9D20-59F1D8FA21E8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{12FA5668-6F5F-4280-928C-AF3BEEC13C14}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A119A95C-0A6B-4997-8CFC-B7262C731E08}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A2341B34-E953-4251-970E-4A27AEA04975}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{55082E6C-6DB3-41D5-B25A-2F834781F6C5}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{48675F8F-7B7C-46CB-AB14-F55A5A7507E3}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{7927BF85-C501-4A2C-BBF9-B3A15BF89963}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS6690\HPDiagnosticCoreUI.exe
FirewallRules: [{9702A9ED-1D10-4968-B01D-783F8D0E1401}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS6690\HPDiagnosticCoreUI.exe
FirewallRules: [{1645A085-FA44-420A-A4D9-660EC9D985F7}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS66D4\HPDiagnosticCoreUI.exe
FirewallRules: [{69D5DCE6-FE06-422B-A262-A7BCE13D2A7D}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS66D4\HPDiagnosticCoreUI.exe
FirewallRules: [{AFC4BFB6-1312-4714-9607-6A53D3869F84}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{85D062F0-8AA8-43AC-B9DC-F4968133064E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{55C3F113-9419-4BB8-8AE9-B0258BE47BF5}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{7A447C3C-D155-42A8-BB86-F7556065496E}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{90252D5F-5F98-4DB5-8C13-860FD906108A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BCDB17DF-9D6A-4C45-9E42-2062A58A7DA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{066735DA-2110-4D25-9F97-784AF1ECBA4D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7DB6FFAE-0564-4493-A346-D8134EE3D2FF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{78124E29-0D0C-4A4E-99CA-734C1CD3F304}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FF25888E-7318-43BD-8500-E32E4A62A575}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{034A56CD-AEAE-40DD-A252-C379CD467B30}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0BE02A14-3F9F-4A95-8CEA-40422C20FBF2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{338FAA0A-518B-49AD-B6C4-9B2A257D6B73}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{21AC9A90-10B4-400E-9EFF-29DE7E3A859D}C:\program
files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe FirewallRules: [UDP Query User{779F8FBD-A572-4C19-AFC1-D927FA51E341}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe FirewallRules: [{93604640-FA6E-4D1B-B2BE-C9E2B05B5D06}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{49B6C320-E182-46AA-8E53-4B16B73ACD93}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{444FFE63-99F4-4C72-90E4-130C0B8BB2F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{CB62E4FF-3905-4B5A-B1C5-F4B97B0AC04C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{9444189D-3B14-40FE-BFB5-729E063D828A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{070439DA-7497-43FB-8B0B-00379EADD4BB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{28890C94-FDED-4582-A086-F21ED9A4838E}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe FirewallRules: [{9C122C60-6068-4E32-BB11-754182095B11}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Wiederherstellungspunkte ========================= 12-10-2016 00:12:47 Windows Update 13-10-2016 14:54:15 Installed iTunes 19-10-2016 12:03:37 Windows Update 21-10-2016 21:16:12 Installed Gigaset QuickSync. 22-10-2016 22:02:31 Removed Gigaset QuickSync. ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/25/2016 03:54:48 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). 
Error: (10/25/2016 03:50:21 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 03:27:39 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 03:22:45 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 02:44:27 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 02:39:16 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 02:35:16 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 02:21:41 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 02:19:16 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 02:06:22 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). 
Systemfehler: ============= Error: (10/25/2016 01:39:13 PM) (Source: DCOM) (EventID: 10010) (User: IT-CONSULT) Description: Der Server "{889821A7-F3E9-4CB7-B2A0-08979395125B}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/25/2016 01:37:43 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT-AUTORITÄT) Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, registrierungsbasierte Richtlinieneinstellungen für das Gruppenrichtlinienobjekt "LDAP://CN=Machine,cn={96303C8C-9F18-408F-A372-710471F7C067},cn=policies,cn=system,DC=IT-CONSULT,DC=NET" zu lesen. Die Gruppenrichtlinieneinstellungen dürfen nicht erzwungen werden, bis dieses Ereignis behoben ist. Weitere Informationen über den Dateinamen und -pfad, der den Fehler verursacht hat, können den Ereignisdetails entnommen werden. Error: (10/25/2016 01:35:22 PM) (Source: DCOM) (EventID: 10010) (User: IT-CONSULT) Description: Der Server "{889821A7-F3E9-4CB7-B2A0-08979395125B}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/25/2016 01:22:46 PM) (Source: DCOM) (EventID: 10010) (User: IT-CONSULT) Description: Der Server "{889821A7-F3E9-4CB7-B2A0-08979395125B}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (10/25/2016 12:47:09 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/25/2016 12:47:08 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (10/25/2016 12:47:08 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/25/2016 12:47:08 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (10/25/2016 12:47:07 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/25/2016 12:47:07 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. CodeIntegrity: =================================== Date: 2016-10-25 12:59:57.820 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-10-25 12:59:57.804 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:59:57.767 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:57:54.967 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:57:54.943 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:41:33.164 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:41:33.159 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-10-25 12:41:33.153 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:41:31.072 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:41:31.047 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-4550U CPU @ 1.50GHz Prozentuale Nutzung des RAM: 44% Installierter physikalischer RAM: 8092.86 MB Verfügbarer physikalischer RAM: 4501.34 MB Summe virtueller Speicher: 9372.86 MB Verfügbarer virtueller Speicher: 5066.29 MB ==================== Laufwerke ================================ Drive c: (Windows8_OS) (Fixed) (Total:454.23 GB) (Free:288.78 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive z: (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: 91ACF725) Partition: GPT. ==================== Ende von Addition.txt ============================ |
25.10.2016, 15:19 | #6 |
| Download trojan Zonquadttax.exe First of all, many thanks for the help. Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17-10-2016 durchgeführt von martinha (25-10-2016 16:09:25) Gestartet von C:\Users\martinha\Desktop Windows 10 Enterprise Version 1607 (X64) (2016-10-01 10:28:02) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3971317600-4276828187-4244599763-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3971317600-4276828187-4244599763-503 - Limited - Disabled) Gast (S-1-5-21-3971317600-4276828187-4244599763-501 - Limited - Disabled) rauter (S-1-5-21-3971317600-4276828187-4244599763-1006 - Administrator - Enabled) => C:\Users\rauter Support (S-1-5-21-3971317600-4276828187-4244599763-1001 - Administrator - Enabled) => C:\Users\Support ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acronis Backup 11.5 Agent Core (HKLM-x32\...\{CE226895-5910-47CE-8A28-5D7D907A4FFF}) (Version: 11.5.38573 - Acronis) Acronis Backup 11.5 Agent für Windows (HKLM-x32\...\{703EE602-5FB5-4592-9388-FE1D2C20F363}) (Version: 11.5.38573 - Acronis) Acronis Backup 11.5 Bootable Media Builder (HKLM-x32\...\{EE1BE3AE-B8DB-4DBB-AC9F-F9B54AC2C52E}) (Version: 11.5.38573 - Acronis) Acronis Backup 11.5 Command-Line Tool (HKLM-x32\...\{13CAA62E-4226-4B29-BB1A-23DC92CE4B6A}) (Version: 11.5.38573 - Acronis) Acronis Backup 11.5 Management Console (HKLM-x32\...\{90BE6C97-1F7A-4F35-9876-FA62CE20D2C9}) (Version: 11.5.38573 - Acronis) Acronis Backup 11.5 Tray Monitor (HKLM-x32\...\{0402F389-E3BD-47B7-AAAD-D2B4DAA8F90B}) (Version: 11.5.38573 - Acronis) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-Bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Capella Micro CM3218x SPB Driver (HKLM-x32\...\CM3218x) (Version: 1.1.1.0 - Capella Microsystems, Inc.) 
Configuration Manager Client (Version: 5.00.8412.1000 - Microsoft Corporation) Hidden Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc) EasyGPS 5.23.0.0 (HKLM-x32\...\EasyGPS_is1) (Version: 5.23.0.0 - TopoGrafix) Elevated Installer (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden Garmin TOPO Deutschland V7 PRO (HKLM-x32\...\{340A2FCE-F4B5-4F80-8AEE-F72D55711F83}) (Version: 7.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries) GDR 6241 für SQL Server 2008 (KB 3045311) (HKLM-x32\...\KB3045311) (Version: 10.4.6241.0 - Microsoft Corporation) Gesture Control (HKLM-x32\...\{7777DD46-E32D-44FE-A08B-AF83CD8FB54C}) (Version: 6.1.163.8 - Lenovo) Gigaset QuickSync (HKLM\...\{192f673d-d310-4488-96da-4a4bfcd6ab2b}) (Version: 8.6.0875.1 - Gigaset Communications GmbH) HP Deskjet 1000 J110 series - Grundlegende Software 
für das Gerät (HKLM\...\{CED47C99-8892-4956-BCA7-CC3123531371}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Deskjet 1000 J110 series Hilfe (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.5.32.37 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.) Inst5676 (Version: 8.01.42 - Softex Inc.) Hidden Integrated Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10252 - Realtek Semiconductor Corp.) Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4206 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation) Intel(R) Wireless Bluetooth(R)(patch version 17.1.1512.771) (HKLM\...\{302600C1-6BDF-4FD1-1501-148929CC1385}) (Version: 17.1.1501.0514 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation) iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.) 
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden Lenovo Anzeige am Bildschirm (Version: 8.80.10 - Lenovo) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - ) Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.11.06 - Lenovo) Lenovo QuickConnect NFC Utility (HKLM-x32\...\{7C8A2D9F-10CF-4071-BFE4-6B0843A6302E}_is1) (Version: 2.0.0.54 - Lenovo Group Limited) Lenovo QuickControl (HKLM-x32\...\{ABA0A3F7-649E-4338-BDC9-18437D9699D6}) (Version: 2.40 - Lenovo Group Limited) Lenovo Settings - Power (x32 Version: 2.00.000 - Lenovo) Hidden Lenovo Solution Center (HKLM\...\{558E50EE-5E2D-479A-A455-8A826191583B}) (Version: 3.3.004.00 - Lenovo) Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.067.00 - Lenovo) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo) Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo) Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo) Lexware Abschreibungsrechner (x32 Version: 15.00.00.0006 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware büro easy 2016 (x32 Version: 29.04.00.0114 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware büro easy plus 2016 (HKLM-x32\...\{17d7e319-ac59-4a31-84cb-3009092079e2}) (Version: 29.4.0.114 - Haufe-Lexware GmbH & Co.KG) Lexware Datenbank plus 2016 (x32 Version: 16.00.00.0097 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Elster (x32 Version: 16.05.00.0033 - Haufe-Lexware 
GmbH & Co.KG) Hidden Lexware Elster 2016 (HKLM-x32\...\{c9c745c2-74e4-454e-91e0-ca041e6ed42c}) (Version: 16.5.0.33 - Haufe-Lexware GmbH & Co.KG) Lexware Info Service (x32 Version: 16.00.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (HKLM-x32\...\{6FF55A3A-4E59-4CF8-9248-2EE747168B3E}) (Version: 5.01.00.0040 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (x32 Version: 22.04.00.0043 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware PDF-Export 5 (x32 Version: 5.00.01.0009 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware reisekosten 2016 (HKLM-x32\...\{8a317b7d-5b5c-49d3-bc29-71a1c3f03f76}) (Version: 16.2.0.161 - Haufe-Lexware GmbH & Co.KG) Lexware reisekosten plus 2016 (x32 Version: 16.02.00.0211 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Services (x32 Version: 4.00.00.0066 - Haufe-Lexware GmbH & Co.KG) Hidden Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Managed Windows Defender (Version: 4.7.0214.0 - Microsoft Corporation) Hidden Manager (x32 Version: 4.1.4.27792 - 2015 pdfforge GmbH. 
All rights reserved) Hidden Metric Collection SDK (x32 Version: 1.1.0008.00 - Lenovo Group Limited) Hidden Metric Collection SDK 35 (x32 Version: 1.2.0011.00 - Lenovo Group Limited) Hidden Microsoft Dynamics CRM 2015 für Microsoft Office Outlook (HKLM\...\Microsoft CRM Client) (Version: 7.1.0001.3113 - Microsoft Corporation) Microsoft Dynamics CRM für Outlook Update 1.0 (KB3056327) (HKLM\...\KB3056327_Client_1031) (Version: 7.1.0000.1074 - Microsoft Corporation) Microsoft Dynamics CRM für Outlook Update 1.1 (KB3072333) (HKLM\...\KB3072333_Client_1031) (Version: 7.1.0001.3113 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.7369.2038 - Microsoft Corporation) Microsoft Online Services-Anmeldeassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation) Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{65F3578A-F54F-4402-A9B1-E36B06976706}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.4.6000.29 - Microsoft Corporation) Microsoft SQL Server 2008 Native Client (HKLM\...\{F5A944B8-426D-4A6A-BE6F-DAAA957CA50D}) (Version: 10.4.6000.29 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{AE70D6C9-AF27-405C-9BF7-7D7AB70AC177}) (Version: 10.4.6241.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{F0DA699A-5279-49F2-AC5C-1BA58B3CC613}) (Version: 3.5.8082.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU 
(HKLM\...\{419A1C86-B998-4395-A848-AA95E8869E13}) (Version: 3.5.8082.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.4.6000.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) ModemAuthenticator (HKLM-x32\...\{C19BC2FE-B85D-42E3-B7FE-1628B2E22298}) (Version: 1.0.7 - Intel Mobile Communications) Mozilla Firefox 47.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 de)) (Version: 47.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla) Net at Work Mail Gateway Outlook add-in (HKLM-x32\...\{9bb32908-fa74-4345-b108-b7e371dd1e22}) (Version: 8.5.164.0 - Net at Work Netzwerksysteme GmbH) Net at Work Mail Gateway Outlook Add-in (Version: 8.5.164.0 - Net at Work Netzwerksysteme GmbH) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) 
Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden OfficeMaster Client G5 (x86) (HKLM-x32\...\{efa9fdfb-f1cc-49fb-81ab-14878b2e8f7a}) (Version: 5.21.29362 - Ferrari electronic AG) OSM generic routable(GRC) (HKLM-x32\...\OSM generic routable(GRC)) (Version: - ) PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH) PDF Architect 4 Create Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 Edit Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 View Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.2 - pdfforge GmbH) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Plantronics CSR Driver (64-bit) (Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics CsrDfu Installer (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics HidDfu Installer (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater (HKLM-x32\...\{f3913714-6d44-49ee-9526-a47d548f2334}) (Version: 3.1.51094.21292 - Plantronics, Inc.) Plantronics MyHeadset Updater (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater Device Handlers (32-bit) (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater DFU Handlers (32-bit) (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater Install Check (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater MLS (Version: 3.0.0.0 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater Runtime (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater Startup (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.) 
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.) Rossmann Fotowelt Software (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.14.5. - ORWO Net) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.) Service Pack 4 für SQL Server 2008 (KB2979596) (HKLM-x32\...\KB2979596) (Version: 10.4.6000.29 - Microsoft Corporation) SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.3.0.658 - Lenovo) Sierra Wireless EM7345 4G LTE Software (HKLM-x32\...\SWIIntelDrvInstaller) (Version: 2.5.10640.4317 - Sierra Wireless, Inc.) Sign Live! CC Sparkassen-Edition 6.3 (HKLM\...\SIGNLIVE_CC_Sparkassen_Edition_6_3_is1) (Version: 6.3 - intarsys consulting GmbH) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Snip (HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\{525d439e-e22a-4221-8fd1-25b845fe0038}) (Version: 0.1.5119.0 - Microsoft Corporation) Snip (x32 Version: 0.1.5119.0 - Microsoft) Hidden Sophos SSL VPN Client 2.1 (HKLM-x32\...\Sophos SSL VPN Client) (Version: 2.1 - ) Sql Server Customer Experience Improvement Program (x32 Version: 10.4.6000.29 - Microsoft Corporation) Hidden Start Menu (HKU\S-1-5-21-1278887282-1552680147-1237208637-500\...\Pokki_Start_Menu) (Version: 0.269.4.145 - Pokki) Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten (HKLM\...\{28F4BC72-75AE-47DD-B5B3-2A027BCA48A7}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) 
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.85 - Synaptics Incorporated) Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{87E2D28A-EEE2-4C3C-B0C1-CDA986B3C42E}) (Version: 4.5.503.0 - Synaptics) System Center Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.7.214.0 - Microsoft Corporation) tax 2015 Professional (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.00.8811 - Buhl Data Service GmbH) tax 2016 Professional (HKLM-x32\...\{30E85B0C-57D8-4ECE-814B-264550A92FAB}) (Version: 23.00.1146 - Buhl Data Service GmbH) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer) ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.36 - Lenovo) ThinkPad Settings Dependency (Version: 3.0.1.29 - Lenovo) Hidden Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.8.911.2013 - Lenovo) ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.70.2.0 - Lenovo Group Limited) TimeTracking Outlook AddIn (HKLM-x32\...\{092C9DD6-6641-4DEC-B607-E0C5C8901A24}) (Version: 4.2.0 - proMX GmbH) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH) Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation) Windows-Treiberpaket - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows-Treiberpaket - Intel (e1dexpress) Net (03/13/2014 12.11.77.1) (HKLM\...\8B9947A3FCC81D9507E333A63C6CC56E091BA6DB) (Version: 03/13/2014 12.11.77.1 - Intel)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC (11/15/2013 12.8.10.1005) (HKLM\...\D25E6F494D3225DFE05884186452E2C79AF2E506) (Version: 11/15/2013 12.8.10.1005 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.04.05 (12/17/2013 1.67.04.05) (HKLM\...\68ECF461D6E85BB67AFC110D2FEBF1955C9F26B5) (Version: 12/17/2013 1.67.04.05 - Lenovo)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows-Treiberpaket - Synaptics (SmbDrv) System (04/07/2014 18.0.7.40) (HKLM\...\FB2627FE59EA6DAD058B4A4C82647DC162F8723D) (Version: 04/07/2014 18.0.7.40 - Synaptics)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/07/2014 18.0.7.40) (HKLM\...\5879A8A324E612CD4CB110632BF1186381FA46F0) (Version: 04/07/2014 18.0.7.40 - Synaptics)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1278887282-1552680147-1237208637-1224_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1278887282-1552680147-1237208637-1224_Classes\CLSID\{9E90BC4A-C30F-4BB1-AE57-757E5089FFE2}\InprocServer32 -> C:\Users\martinha\AppData\Local\TimeTrackingOutlookAddIn20\adxloader64.dll ()

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {083BCDAD-F56A-4C27-BE44-774922CCD363} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) Task: {0BE19FBC-CA7F-4E92-BB05-C5FB6A148AEF} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {12C523F8-40DC-4032-A176-15EEBCBCB005} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-1224 -> Keine Datei <==== ACHTUNG Task: {140BC594-94C0-44FF-9361-DD926C3D1663} - \WPD\SqmUpload_S-1-5-21-3971317600-4276828187-4244599763-1001 -> Keine Datei <==== ACHTUNG Task: {15E0C3AA-2D89-42F6-ACD0-437661FA0E3D} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01] (Oracle Corporation) Task: {24E826E0-421F-46F3-9079-3B6AF34B1266} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-13] (Realtek Semiconductor) Task: {2A14A12F-2298-4FB4-9578-B1B780364B54} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\martinha@IT-CONSULT.NET\Report update status -> Keine Datei <==== ACHTUNG Task: {2A8541BC-F922-4E2C-B70F-55DED8A51555} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-1332 -> Keine Datei <==== ACHTUNG Task: {2F6A7B13-A044-42CD-9875-CEECB3D2A2DE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.) 
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {4793A9E9-69AF-454E-83AE-86B63EA9556B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated) Task: {47C8B51B-7854-42DF-9BAA-E98FFDA1DF5B} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Maintenance Task: {49312AC5-D52B-4B18-8DED-5C3155204076} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-12] (Microsoft Corporation) Task: {4A174699-4C93-4E5F-B2C1-865C43C808AE} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor Task: {4AEAD71D-051E-457E-A6D2-CF61297EB5DF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {4CC90EA5-155F-4747-97A0-10D0358DC769} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation) Task: {507F2F84-124F-402E-8AD7-BA299752F2B3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation) Task: {5085AB57-C81A-4C1B-ABDD-12717E4A2C0C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {5D6C7DFE-6F2A-4CC1-8490-ED9E41186CCC} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2016-06-20] (Microsoft Corporation) Task: {63E32C29-8092-4EB3-854A-7D9A5C31EA8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP 
Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.) Task: {69E8B51E-A33C-4C3E-B581-78F198FD91CB} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection Task: {6A9E64BA-B5B6-4A1E-9ACE-003867676ACC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {6B215071-BCB2-4440-86B6-E4562B4F8EBF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-08-24] () Task: {6FD832FD-6202-4B36-8BC3-8A868CA46227} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation) Task: {74ED73D0-505C-45F3-8048-34765681F225} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-08-24] (Lenovo) Task: {7CF2F00F-4AA7-4964-A72E-324597B6C93B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) Task: {7DB45B4A-2762-4441-BE74-2374B62F3FE5} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService Task: {81491D64-24FF-4A4F-B249-9ABD29CF3C50} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-13] (Realtek Semiconductor) Task: {87D1761F-53E0-407A-8228-57BE9D17118F} - System32\Tasks\Kopiere Fahrtenbuch => Task: {880A47A6-108D-46A1-9A7E-242A7A11592B} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Passport for Work Certificate Enrollment Task => C:\WINDOWS\System32\Wbem\wmic.exe [2016-07-16] (Microsoft Corporation) <==== ACHTUNG Task: {8D360885-0724-4AF3-9619-66A1B9EDEB6C} - System32\Tasks\LenovoQuickDisplay => C:\Program Files 
(x86)\Lenovo\QuickConnect NFC Utility\qdtap.exe [2014-03-05] (Lenovo) Task: {8F4592C4-5D3D-4D3D-99E3-B39929FD11EC} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.) Task: {8FD1E83C-3575-4685-8821-861B6A0C747F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] () Task: {91294BE9-6728-4689-9382-A91C623B279C} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] () Task: {948A9ECC-4088-4B37-916F-B87B3EE34036} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-1125 -> Keine Datei <==== ACHTUNG Task: {979E16DA-189E-480C-979E-B9B0809A6605} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.) Task: {9A1DD3BC-78AF-43E0-A442-F5FC96235BB2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-04-20] (Lenovo) Task: {9F4289BE-5AC6-4042-9535-BF635D635D68} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} Task: {A046DC57-4CDD-479F-9334-E61CDBEBAA77} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)" Task: {A8CA310C-B9DE-4E33-A8F7-9F16A4BCC859} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {AAF2731B-22E4-4C00-80F1-A2C6CDA5F5F7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {AC7B9DFB-1931-468E-B0C9-C66643A99756} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) 
Task: {AF59060C-40DF-4877-845D-44058A3B2D05} - \WPD\SqmUpload_S-1-5-21-3971317600-4276828187-4244599763-1006 -> Keine Datei <==== ACHTUNG Task: {B5EEA664-5383-4FE8-BC6E-E85B66D14C1C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation) Task: {BF9954B5-6B28-48DD-9E72-2CC684417BD3} - \Microsoft\Windows\Setup\gwx\runappraiser -> Keine Datei <==== ACHTUNG Task: {BFEA1D7E-B9F1-42F0-9F1F-AC0C0621B247} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.) Task: {C4DA72FD-C613-409E-82B3-AD9FD59475FA} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-18922 -> Keine Datei <==== ACHTUNG Task: {C75162A0-587E-49E2-AF7D-46F441F31D4D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-28] (Microsoft Corporation) Task: {C795E956-ADB5-4D68-B762-3956C4DB9660} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} Task: {C843E6DE-61F7-48B7-BCED-263F48D4A1C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.) 
Task: {CB32CD67-D8C1-4DED-AE7D-6EC45A4506C7} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-13] (Realtek Semiconductor)
Task: {D8CEED34-D22B-4D0B-97ED-6D0C384CAE8D} - System32\Tasks\Lenovo\Gesture Control => C:\Program Files (x86)\eyeSight\Gesture Control\GestureControl.exe [2014-07-31] (Lenovo)
Task: {DFC6C251-21C1-401B-8E47-83D90F885003} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-08-24] (Lenovo)
Task: {DFECBAE1-230A-4128-8E41-56CAA7D4D64C} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\martinha@IT-CONSULT.NET\Update connections -> Keine Datei <==== ACHTUNG
Task: {F05788F6-6910-4EA0-91E3-BBD9E4DA6CE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)
Task: {F3BE8384-6CA4-44FE-8317-AD089A72909E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F5CD90D4-9CB1-429A-B76A-9E46515C7462} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F72D0D12-F5F5-4261-9535-F5BBD795E302} - System32\Tasks\HPCeeScheduleFormartinha => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {F74E8997-9768-42BC-A19B-9013844CFA96} - System32\Tasks\Lexware Info Service Assistent => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [2015-09-29] (Haufe-Lexware GmbH & Co. KG)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormartinha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements (1).job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\martinha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-13 08:05 - 2016-09-15 19:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-02 22:32 - 2015-07-02 22:32 - 00023040 _____ () C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\firmwareupdaterservice.exe
2016-10-01 12:23 - 2016-10-01 12:05 - 00400896 _____ () C:\ProgramData\focel\focel.exe
2015-07-02 22:32 - 2015-07-02 22:32 - 00564224 _____ () C:\Program Files (x86)\Sierra 
Wireless Inc\LENOVO MBIM Toolkit\FirmwareApp.exe 2016-09-20 19:26 - 2016-08-23 08:02 - 00213320 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2016-10-13 08:05 - 2016-09-15 19:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-01 12:33 - 2016-10-01 12:33 - 01864384 _____ () C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\amd64\ClientTelemetry.dll 2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll 2016-10-01 13:20 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-10-13 08:06 - 2016-10-05 11:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-10-13 08:06 - 2016-10-05 11:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-10-13 08:06 - 2016-10-05 11:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-10-13 08:06 - 2016-10-05 11:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-10-13 08:06 - 2016-10-05 11:13 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-10-13 08:06 - 2016-10-05 11:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-10-13 08:06 - 2016-10-05 11:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-11-07 15:23 - 2014-07-03 12:04 - 00915968 _____ () C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe 2015-03-23 13:02 - 2015-03-23 13:02 - 00480992 _____ () C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe 2016-10-20 07:45 - 2016-10-20 07:46 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-10-20 07:45 - 2016-10-20 07:46 - 00178176 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-10-20 07:45 - 2016-10-20 07:46 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-08-28 11:19 - 2016-08-28 11:20 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-08-28 11:19 - 2016-08-28 11:20 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-08-28 11:19 - 2016-08-28 11:20 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2016-08-28 11:19 - 2016-08-28 11:20 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2014-02-19 05:56 - 2014-02-19 05:56 - 00284552 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll 2014-02-19 05:56 - 2014-02-19 05:56 - 00327312 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll 2014-02-19 05:57 - 2014-02-19 05:57 - 00441760 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\FileTrace.dll 2016-08-31 10:02 - 2016-08-31 10:02 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll 2014-02-19 06:00 - 2014-02-19 06:00 - 00933568 _____ () C:\Program Files (x86)\Acronis\BackupAndRecovery\human_resolving_mms.dll 2014-02-19 05:58 - 2014-02-19 05:58 - 01931408 _____ () C:\Program Files (x86)\Acronis\BackupAndRecovery\msp_agent.dll 2016-06-18 15:40 - 2016-06-18 15:45 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\tmpod.dll 2016-06-18 15:41 - 2016-10-08 13:05 - 00039616 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconvpxy.dll 2016-10-01 12:33 - 2016-10-01 12:33 - 01383616 
_____ () C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\ClientTelemetry.dll 2016-10-01 12:33 - 2016-10-01 12:33 - 00118976 _____ () C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\FileSyncViews.dll 2015-07-06 21:36 - 2015-07-06 21:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-06-19 00:55 - 2016-10-20 08:08 - 03593408 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll 2016-06-18 15:40 - 2016-06-18 15:45 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll 2016-06-18 15:40 - 2016-10-08 07:45 - 01010376 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2013-08-22 15:25 - 2016-02-18 14:01 - 00034972 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
13.69.186.195 global.bing.com
13.69.186.195 www.bing.com
13.69.186.195 cn.bing.com
13.69.186.195 bing.com
13.69.186.195 0search.internetquickaccess.com
13.69.186.195 1and1.com
13.69.186.195 22find.com
13.69.186.195 24img.com
13.69.186.195 7mcn.tvnewtabsearch.com
13.69.186.195 abcsearch.ru
13.69.186.195 airzip.inspsearch.com
13.69.186.195 alexnova.com
13.69.186.195 alles-im-inter.net
13.69.186.195 allinsearch.com
13.69.186.195 allsearch.ca
13.69.186.195 allsearch.space
13.69.186.195 alternativesearch.ru
13.69.186.195 amaizingsearches.info
13.69.186.195 amazon.smart-search.com
13.69.186.195 appiance.com
13.69.186.195 apps.searchalgo.com
13.69.186.195 asiasearch.co
13.69.186.195 ask.com
13.69.186.195 atajitos.com
13.69.186.195 autosearch.centurylink.com
13.69.186.195 autosearch.zoominternet.net
13.69.186.195 avg.com
13.69.186.195 avg.nation.com
13.69.186.195 awesomehp.com

Da befinden sich 836 zusätzliche Einträge.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\Control Panel\Desktop\\Wallpaper -> C:\Users\martinha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1278887282-1552680147-1237208637-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Lenovo\RedBurst.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: SpyHunter 4 Service => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "PasswordManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LexwareInfoService"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "PLTUpdater.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "iCloudServices"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{63D811CC-0593-4CBF-89D1-5FEA021016F1}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe FirewallRules: [TCP Query User{13D127D9-DE3D-4FFC-B03A-C79C92F44061}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe FirewallRules: [{069F42CC-6F6A-4D5C-80DE-6A44C6890967}] => (Allow) C:\Program Files (x86)\SQL Anywhere 16\Bin32\dbsrv16.exe FirewallRules: [{89CCE8F7-9A4D-45A2-8E92-673E947B96A8}] => (Allow) C:\Program Files (x86)\SQL Anywhere 16\Bin32\dbsrv16.exe FirewallRules: [{383F4C8B-A214-4794-8E03-4F402C83ABD3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{E64CFCDC-82F8-4E86-B76E-7682120BF6F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{B52B744A-A7F9-4584-887D-D80154673931}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{C85478E4-DB5E-433F-B3BF-A640C49CAE4E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{44743B7F-B6F3-4DBF-912D-099029708B2E}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS41F3\HPDiagnosticCoreUI.exe FirewallRules: [{0EF2C4D0-0B07-4A0F-A843-990D1EDBA334}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS41F3\HPDiagnosticCoreUI.exe FirewallRules: [{3BCC16BE-A280-4734-8C7E-151C801C5498}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS2E31\HPDiagnosticCoreUI.exe FirewallRules: [{95C7F43C-A6C0-4E59-B1D7-AD3B7A900486}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS2E31\HPDiagnosticCoreUI.exe FirewallRules: [{68D89644-8CE7-4A66-BFB6-1A5630050DCD}] => (Allow) 
C:\Users\martinha\AppData\Local\Temp\7zS1CB2\HPDiagnosticCoreUI.exe FirewallRules: [{8EB3B9CF-8884-4114-8317-AA6785354AAC}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS1CB2\HPDiagnosticCoreUI.exe FirewallRules: [{EE807A6E-7F12-46C2-8A53-0CCE2BE169CC}] => (Allow) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe FirewallRules: [{5D66E0F6-95D0-4576-9DA0-F1E7E66D417C}] => (Allow) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe FirewallRules: [{B7023848-71CE-4F9C-B5FB-C7134D5D72D4}] => (Allow) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe FirewallRules: [{9D37163E-B31D-4720-B2AA-636A3C253E47}] => (Allow) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe FirewallRules: [{C74E0952-59C8-4FE2-B01E-536FEE5C6D91}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{CC074C17-6376-4518-ACCB-1147F94AA1B5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{8FF4582A-66B5-4FC6-BCE2-D45DC950286E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B21127DD-90B9-4BAF-B8FB-C1B5847D50E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{03A3FF36-2D7E-486D-B043-0D433F0F971B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2F971BFF-9A17-4FB4-9DCA-75C415DFA3BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D9EE5824-8AF9-4510-BFAC-423F7E431C77}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E4F95422-6789-4244-9212-1591906F9832}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{C104E45D-5715-4787-874D-6BA2E1D90235}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe FirewallRules: [UDP Query User{1A6BFFC7-9D09-469C-963C-40F17EA815EF}C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query 
User{2055DDB2-7E76-446E-9AC5-AE0082833902}C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{9197BA06-4DD0-472F-B495-0CB81058E4B0}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe FirewallRules: [TCP Query User{297F51E6-A343-4C1B-B55B-93A7AA444460}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe FirewallRules: [{0274A9C0-94FF-4533-9040-83B3A5BFE5E2}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{BBF56B60-8922-4DE1-BCE1-AC1310C43454}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{5AF66E65-A16D-41DE-8227-9CAAE2E85A57}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E971ADB0-484F-4B6F-9D93-1AA21F21204C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{27208934-0015-4403-8AF3-C1DC3E4F1D3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1E1D42AE-23EC-44AD-B983-5D80C0398F45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C209A5F7-CF49-4842-A679-4F04E956B719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{AEF56502-915F-40D8-8C06-8F1E7B742929}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E3780AE3-CD78-41EE-A7F9-97F47DEB08C1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{2F1B4DF4-922F-48F8-A78C-AE06F22CEA79}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{6A1C1605-5278-402F-916F-6F9BD7A57E0A}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe FirewallRules: [{7B130657-70AC-435C-B898-9C246086C901}] => (Allow) C:\Program Files 
(x86)\Acronis\BackupAndRecovery\mms.exe FirewallRules: [{A3CAF720-D9BD-4BF7-AAF6-C075F072126E}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe FirewallRules: [{1FD41DE8-3A9A-4E1B-B6F6-D3AFB4DC376F}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe FirewallRules: [{2E91EC70-1915-422F-BE79-FF1EE7858605}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe FirewallRules: [{BA2850C7-0F4F-4E1D-9F9D-ED45054766FB}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe FirewallRules: [{75EF22F2-5904-4BDE-88F0-9C3F1E52BA90}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe FirewallRules: [{5ECCF999-7175-48D9-A642-058C342547F2}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe FirewallRules: [{56D59956-ED0E-4AA3-B9D4-D398A152FDD9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{F4CE020A-4C80-4267-9D20-59F1D8FA21E8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{12FA5668-6F5F-4280-928C-AF3BEEC13C14}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{A119A95C-0A6B-4997-8CFC-B7262C731E08}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{A2341B34-E953-4251-970E-4A27AEA04975}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe FirewallRules: [{55082E6C-6DB3-41D5-B25A-2F834781F6C5}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe FirewallRules: [{48675F8F-7B7C-46CB-AB14-F55A5A7507E3}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe FirewallRules: [{7927BF85-C501-4A2C-BBF9-B3A15BF89963}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS6690\HPDiagnosticCoreUI.exe FirewallRules: [{9702A9ED-1D10-4968-B01D-783F8D0E1401}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS6690\HPDiagnosticCoreUI.exe FirewallRules: [{1645A085-FA44-420A-A4D9-660EC9D985F7}] => (Allow) 
C:\Users\martinha\AppData\Local\Temp\7zS66D4\HPDiagnosticCoreUI.exe FirewallRules: [{69D5DCE6-FE06-422B-A262-A7BCE13D2A7D}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS66D4\HPDiagnosticCoreUI.exe FirewallRules: [{AFC4BFB6-1312-4714-9607-6A53D3869F84}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{85D062F0-8AA8-43AC-B9DC-F4968133064E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{55C3F113-9419-4BB8-8AE9-B0258BE47BF5}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{7A447C3C-D155-42A8-BB86-F7556065496E}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{90252D5F-5F98-4DB5-8C13-860FD906108A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BCDB17DF-9D6A-4C45-9E42-2062A58A7DA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{066735DA-2110-4D25-9F97-784AF1ECBA4D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{7DB6FFAE-0564-4493-A346-D8134EE3D2FF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [TCP Query User{78124E29-0D0C-4A4E-99CA-734C1CD3F304}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{FF25888E-7318-43BD-8500-E32E4A62A575}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{034A56CD-AEAE-40DD-A252-C379CD467B30}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{0BE02A14-3F9F-4A95-8CEA-40422C20FBF2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{338FAA0A-518B-49AD-B6C4-9B2A257D6B73}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [TCP Query User{21AC9A90-10B4-400E-9EFF-29DE7E3A859D}C:\program 
files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe FirewallRules: [UDP Query User{779F8FBD-A572-4C19-AFC1-D927FA51E341}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe FirewallRules: [{93604640-FA6E-4D1B-B2BE-C9E2B05B5D06}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{49B6C320-E182-46AA-8E53-4B16B73ACD93}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{444FFE63-99F4-4C72-90E4-130C0B8BB2F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{CB62E4FF-3905-4B5A-B1C5-F4B97B0AC04C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{9444189D-3B14-40FE-BFB5-729E063D828A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{070439DA-7497-43FB-8B0B-00379EADD4BB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{28890C94-FDED-4582-A086-F21ED9A4838E}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe FirewallRules: [{9C122C60-6068-4E32-BB11-754182095B11}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Wiederherstellungspunkte ========================= 12-10-2016 00:12:47 Windows Update 13-10-2016 14:54:15 Installed iTunes 19-10-2016 12:03:37 Windows Update 21-10-2016 21:16:12 Installed Gigaset QuickSync. 22-10-2016 22:02:31 Removed Gigaset QuickSync. ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/25/2016 03:54:48 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). 
Error: (10/25/2016 03:50:21 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 03:27:39 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 03:22:45 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 02:44:27 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 02:39:16 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 02:35:16 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 02:21:41 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 02:19:16 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (10/25/2016 02:06:22 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005). 
Systemfehler: ============= Error: (10/25/2016 01:39:13 PM) (Source: DCOM) (EventID: 10010) (User: IT-CONSULT) Description: Der Server "{889821A7-F3E9-4CB7-B2A0-08979395125B}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/25/2016 01:37:43 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT-AUTORITÄT) Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, registrierungsbasierte Richtlinieneinstellungen für das Gruppenrichtlinienobjekt "LDAP://CN=Machine,cn={96303C8C-9F18-408F-A372-710471F7C067},cn=policies,cn=system,DC=IT-CONSULT,DC=NET" zu lesen. Die Gruppenrichtlinieneinstellungen dürfen nicht erzwungen werden, bis dieses Ereignis behoben ist. Weitere Informationen über den Dateinamen und -pfad, der den Fehler verursacht hat, können den Ereignisdetails entnommen werden. Error: (10/25/2016 01:35:22 PM) (Source: DCOM) (EventID: 10010) (User: IT-CONSULT) Description: Der Server "{889821A7-F3E9-4CB7-B2A0-08979395125B}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/25/2016 01:22:46 PM) (Source: DCOM) (EventID: 10010) (User: IT-CONSULT) Description: Der Server "{889821A7-F3E9-4CB7-B2A0-08979395125B}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (10/25/2016 12:47:09 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/25/2016 12:47:08 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (10/25/2016 12:47:08 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/25/2016 12:47:08 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (10/25/2016 12:47:07 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/25/2016 12:47:07 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. CodeIntegrity: =================================== Date: 2016-10-25 12:59:57.820 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-10-25 12:59:57.804 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:59:57.767 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:57:54.967 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:57:54.943 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:41:33.164 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:41:33.159 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-10-25 12:41:33.153 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:41:31.072 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 12:41:31.047 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-4550U CPU @ 1.50GHz Prozentuale Nutzung des RAM: 44% Installierter physikalischer RAM: 8092.86 MB Verfügbarer physikalischer RAM: 4501.34 MB Summe virtueller Speicher: 9372.86 MB Verfügbarer virtueller Speicher: 5066.29 MB ==================== Laufwerke ================================ Drive c: (Windows8_OS) (Fixed) (Total:454.23 GB) (Free:288.78 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive z: (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: 91ACF725) Partition: GPT. ==================== Ende von Addition.txt ============================ |
25.10.2016, 15:30 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Download trojan Zonquadttax.exe Quote:
Legally, only large customers have an edition like that. Besides, I see quite a bit of other office software there. The TB is here for private support. Not so that big outfits can cut their IT department and then, when they have PC problems, turn up here.
__________________ Please always post log files in CODE tags |
25.10.2016, 15:52 | #8 |
| Download trojan Zonquadttax.exe Why so venomous? "...so that big outfits can cut their IT department and then, when they have PC problems...." There is a simple explanation: I have been retired for 5 years and do the bookkeeping for a small 5-person company on a mini-job basis, using my private PC. The software also comes from that company; they are a Microsoft provider... ...but no offense meant, nobody has to help who doesn't want to... |
26.10.2016, 08:30 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Download trojan Zonquadttax.exe That has nothing to do with being venomous; it is a clear statement. As I said, Enterprise editions are extremely expensive. I don't believe that a small 5-person company buys such expensive editions. For a company that small, a local Active Directory isn't even really worthwhile. And what exactly is a "Microsoft provider" supposed to be?