Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Downloadtrojaner Zonquadttax.exe

Downloadtrojaner Zonquadttax.exe


Plagegeister aller Art und deren Bekämpfung: Downloadtrojaner Zonquadttax.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.10.2016, 13:32   #1
martinha
 
Downloadtrojaner Zonquadttax.exe - Ausrufezeichen

Downloadtrojaner Zonquadttax.exe


Bei einem Suchlauf hat Malwarebytes u.a. Downloadtrojaner auf C:\ProgrammData\focel\Zonquadttax.exe gefunden. Daneben habe ich das Problem einer ständigen Veränderung meiner Firefox Startseite. Bitte helft einem 68-jährigen Computer-Halbwissendem. DANKE !!!

Alt 25.10.2016, 14:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Downloadtrojaner Zonquadttax.exe - Standard

Downloadtrojaner Zonquadttax.exe


Hi und

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 25.10.2016, 14:49   #3
martinha
 
Downloadtrojaner Zonquadttax.exe - Standard

Downloadtrojaner Zonquadttax.exe


Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 25.10.2016
Suchlaufzeit: 12:48
Protokolldatei: Trojanerboard.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.10.22.04
Rootkit-Datenbank: v2016.09.26.02
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: martinha

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 624702
Abgelaufene Zeit: 1 Std., 9 Min., 6 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.Linkury, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, , [8fad8e0e7228d165b54b658f53b036ca], 

Registrierungswerte: 5
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, , [c17b2d6fc8d2da5cc3939e2e03ff9d63]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, , [3efeb7e5306a84b2950e4aac9271f10f]
PUP.Optional.Linkury, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, , [8fad8e0e7228d165b54b658f53b036ca]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, , [66d6a0fc37632d09346eb046cd368e72]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, , [bd7f3864c4d624121c876a8c6f94f010]

Registrierungsdaten: 14
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\focel\Anfresh.dll, Gut: (), Schlecht: (C:\ProgramData\focel\Anfresh.dll),,[9ba1584491099b9bb7f531a88b79ab55]
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\focel\Plusplus.dll, Gut: (), Schlecht: (C:\ProgramData\focel\Plusplus.dll),,[80bcd0ccaeec54e2a8f1598074904db3]
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),,[cb71910ba6f463d367d382f793710cf4]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TCK9rQZBkEczAjGHiTeW9yJ93B-xO1jhPsXzH0iqkSRKh55STQ5mix3K1yCcrhejRxYUcEhZoVo-fqUm2ktVT70l8nc5ts,, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TCK9rQZBkEczAjGHiTeW9yJ93B-xO1jhPsXzH0iqkSRKh55STQ5mix3K1yCcrhejRxYUcEhZoVo-fqUm2ktVT70l8nc5ts,),,[70ccecb09ffb0f2784be3742da2ae818]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[47f58a120793b08648fac0b947bd728e]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[a9938e0e5545c472f05292e7cb39d030]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[7cc0306c6a30cd690a38ec8dd2322ad6]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[70cc504c306a63d362e1aecb34d02ed2]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[60dcc8d4306a48eea1a13a3f2cd8a957]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TCK9rQZBkEczAjGHiTeW9yJ93B-xO1jhPsXzH0iqkSRKh55STQ5mix3K1yCcrhejRxYUcEhZoVo-fqUm2ktVT70l8nc5ts,, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TCK9rQZBkEczAjGHiTeW9yJ93B-xO1jhPsXzH0iqkSRKh55STQ5mix3K1yCcrhejRxYUcEhZoVo-fqUm2ktVT70l8nc5ts,),,[dc608d0fa2f8eb4b98aae594bf454ab6]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[7ac275275f3bd561231ff68346be867a]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[14283e5e49511f17083a97e2778d9b65]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6-4gWddfppfI-0WOzfJVzKmwJSe8zlaknVdywWyfrf__DzV9BjX4h14XAudrLVe5TybwwkXJufI3P6ZKzWpROPfCFak80-Y8c2FMM732mk628SkHqNJy4Fg008TF7Cd3K_bdxLQbZcb1xXrNmwR61m0WxicPkY,&q={searchTerms}),,[b38916863d5d5adc6bd896e3e321a15f]
PUP.Optional.Linkury, HKU\S-1-5-21-1278887282-1552680147-1237208637-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),,[360637657f1b2e0856e3dd9c63a1e917]

Ordner: 2
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar, , [28143b618d0d24121de2e40f4fb403fd], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\focels, , [a19b0e8e9406ee48aa29227a06fe8080], 

Dateien: 10
PUP.Optional.Linkury.ACMB1, C:\ProgramData\focel\Anfresh.dll, , [9ba1584491099b9bb7f531a88b79ab55], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\focel\Plusplus.dll, , [80bcd0ccaeec54e2a8f1598074904db3], 
Trojan.Downloader, C:\ProgramData\focel\Zonquadtax.exe, , [a19ba8f4c2d8da5cc0eb5c7d798bb050], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Ranlam.ico, , [28143b618d0d24121de2e40f4fb403fd], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Saofresh.ico, , [28143b618d0d24121de2e40f4fb403fd], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Whitetex.ico, , [28143b618d0d24121de2e40f4fb403fd], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\focels\ff.HP, , [a19b0e8e9406ee48aa29227a06fe8080], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\focels\ff.NT, , [a19b0e8e9406ee48aa29227a06fe8080], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\focels\snp.sc, , [a19b0e8e9406ee48aa29227a06fe8080], 
PUP.Optional.Linkury.ACMB1, C:\Users\martinha\AppData\Roaming\Mozilla\Firefox\Profiles\afd7ehde.default-1421493400080\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "C:\\ProgramData\\focels\\ff.NT");), ,[a19b44589505ef4763237e1fa65e926e]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Zitat:
Zitat von martinha Beitrag anzeigen
Bei einem Suchlauf hat Malwarebytes u.a. Downloadtrojaner auf C:\ProgrammData\focel\Zonquadttax.exe gefunden. Daneben habe ich das Problem einer ständigen Veränderung meiner Firefox Startseite. Bitte helft einem 68-jährigen Computer-Halbwissendem. DANKE !!!
__________________
Alt 25.10.2016, 14:49   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Downloadtrojaner Zonquadttax.exe - Standard

Downloadtrojaner Zonquadttax.exe


Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.10.2016, 15:14   #5
martinha
 
Downloadtrojaner Zonquadttax.exe - Standard

Downloadtrojaner Zonquadttax.exe


Zuerst schon mal herzlichen Dank für die Hilfe
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17-10-2016
durchgeführt von martinha (25-10-2016 16:09:25)
Gestartet von C:\Users\martinha\Desktop
Windows 10 Enterprise Version 1607 (X64) (2016-10-01 10:28:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3971317600-4276828187-4244599763-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3971317600-4276828187-4244599763-503 - Limited - Disabled)
Gast (S-1-5-21-3971317600-4276828187-4244599763-501 - Limited - Disabled)
rauter (S-1-5-21-3971317600-4276828187-4244599763-1006 - Administrator - Enabled) => C:\Users\rauter
Support (S-1-5-21-3971317600-4276828187-4244599763-1001 - Administrator - Enabled) => C:\Users\Support

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis Backup 11.5 Agent Core (HKLM-x32\...\{CE226895-5910-47CE-8A28-5D7D907A4FFF}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Agent für Windows (HKLM-x32\...\{703EE602-5FB5-4592-9388-FE1D2C20F363}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Bootable Media Builder (HKLM-x32\...\{EE1BE3AE-B8DB-4DBB-AC9F-F9B54AC2C52E}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Command-Line Tool (HKLM-x32\...\{13CAA62E-4226-4B29-BB1A-23DC92CE4B6A}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Management Console (HKLM-x32\...\{90BE6C97-1F7A-4F35-9876-FA62CE20D2C9}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Tray Monitor (HKLM-x32\...\{0402F389-E3BD-47B7-AAAD-D2B4DAA8F90B}) (Version: 11.5.38573 - Acronis)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Capella Micro CM3218x SPB Driver (HKLM-x32\...\CM3218x) (Version: 1.1.1.0 - Capella Microsystems, Inc.)
Configuration Manager Client (Version: 5.00.8412.1000 - Microsoft Corporation) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
EasyGPS 5.23.0.0 (HKLM-x32\...\EasyGPS_is1) (Version: 5.23.0.0 - TopoGrafix)
Elevated Installer (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin TOPO Deutschland V7 PRO (HKLM-x32\...\{340A2FCE-F4B5-4F80-8AEE-F72D55711F83}) (Version: 7.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
GDR 6241 für SQL Server 2008 (KB 3045311) (HKLM-x32\...\KB3045311) (Version: 10.4.6241.0 - Microsoft Corporation)
Gesture Control (HKLM-x32\...\{7777DD46-E32D-44FE-A08B-AF83CD8FB54C}) (Version: 6.1.163.8 - Lenovo)
Gigaset QuickSync (HKLM\...\{192f673d-d310-4488-96da-4a4bfcd6ab2b}) (Version: 8.6.0875.1 - Gigaset Communications GmbH)
HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät (HKLM\...\{CED47C99-8892-4956-BCA7-CC3123531371}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Hilfe (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Inst5676 (Version: 8.01.42 - Softex Inc.) Hidden
Integrated Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10252 - Realtek Semiconductor Corp.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4206 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1512.771) (HKLM\...\{302600C1-6BDF-4FD1-1501-148929CC1385}) (Version: 17.1.1501.0514 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Lenovo Anzeige am Bildschirm (Version: 8.80.10 - Lenovo) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.11.06 - Lenovo)
Lenovo QuickConnect NFC Utility (HKLM-x32\...\{7C8A2D9F-10CF-4071-BFE4-6B0843A6302E}_is1) (Version: 2.0.0.54 - Lenovo Group Limited)
Lenovo QuickControl (HKLM-x32\...\{ABA0A3F7-649E-4338-BDC9-18437D9699D6}) (Version: 2.40 - Lenovo Group Limited)
Lenovo Settings - Power (x32 Version: 2.00.000 - Lenovo) Hidden
Lenovo Solution Center (HKLM\...\{558E50EE-5E2D-479A-A455-8A826191583B}) (Version: 3.3.004.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.067.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lexware Abschreibungsrechner (x32 Version: 15.00.00.0006 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware büro easy 2016 (x32 Version: 29.04.00.0114 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware büro easy plus 2016 (HKLM-x32\...\{17d7e319-ac59-4a31-84cb-3009092079e2}) (Version: 29.4.0.114 - Haufe-Lexware GmbH & Co.KG)
Lexware Datenbank plus 2016 (x32 Version: 16.00.00.0097 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Elster (x32 Version: 16.05.00.0033 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Elster 2016 (HKLM-x32\...\{c9c745c2-74e4-454e-91e0-ca041e6ed42c}) (Version: 16.5.0.33 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 16.00.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (HKLM-x32\...\{6FF55A3A-4E59-4CF8-9248-2EE747168B3E}) (Version: 5.01.00.0040 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (x32 Version: 22.04.00.0043 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware PDF-Export 5 (x32 Version: 5.00.01.0009 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware reisekosten 2016 (HKLM-x32\...\{8a317b7d-5b5c-49d3-bc29-71a1c3f03f76}) (Version: 16.2.0.161 - Haufe-Lexware GmbH & Co.KG)
Lexware reisekosten plus 2016 (x32 Version: 16.02.00.0211 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Services (x32 Version: 4.00.00.0066 - Haufe-Lexware GmbH & Co.KG) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Managed Windows Defender (Version: 4.7.0214.0 - Microsoft Corporation) Hidden
Manager (x32 Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
Metric Collection SDK (x32 Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0011.00 - Lenovo Group Limited) Hidden
Microsoft Dynamics CRM 2015 für Microsoft Office Outlook (HKLM\...\Microsoft CRM Client) (Version: 7.1.0001.3113 - Microsoft Corporation)
Microsoft Dynamics CRM für Outlook Update 1.0 (KB3056327) (HKLM\...\KB3056327_Client_1031) (Version: 7.1.0000.1074 - Microsoft Corporation)
Microsoft Dynamics CRM für Outlook Update 1.1 (KB3072333) (HKLM\...\KB3072333_Client_1031) (Version: 7.1.0001.3113 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Online Services-Anmeldeassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{65F3578A-F54F-4402-A9B1-E36B06976706}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.4.6000.29 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{F5A944B8-426D-4A6A-BE6F-DAAA957CA50D}) (Version: 10.4.6000.29 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{AE70D6C9-AF27-405C-9BF7-7D7AB70AC177}) (Version: 10.4.6241.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{F0DA699A-5279-49F2-AC5C-1BA58B3CC613}) (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{419A1C86-B998-4395-A848-AA95E8869E13}) (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.4.6000.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
ModemAuthenticator (HKLM-x32\...\{C19BC2FE-B85D-42E3-B7FE-1628B2E22298}) (Version: 1.0.7 - Intel Mobile Communications)
Mozilla Firefox 47.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 de)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Net at Work Mail Gateway Outlook add-in (HKLM-x32\...\{9bb32908-fa74-4345-b108-b7e371dd1e22}) (Version: 8.5.164.0 - Net at Work Netzwerksysteme GmbH)
Net at Work Mail Gateway Outlook Add-in (Version: 8.5.164.0 - Net at Work Netzwerksysteme GmbH) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
OfficeMaster Client G5 (x86) (HKLM-x32\...\{efa9fdfb-f1cc-49fb-81ab-14878b2e8f7a}) (Version: 5.21.29362 - Ferrari electronic AG)
OSM generic routable(GRC) (HKLM-x32\...\OSM generic routable(GRC)) (Version:  - )
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.2 - pdfforge GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Plantronics CSR Driver (64-bit) (Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics CsrDfu Installer (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics HidDfu Installer (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater (HKLM-x32\...\{f3913714-6d44-49ee-9526-a47d548f2334}) (Version: 3.1.51094.21292 - Plantronics, Inc.)
Plantronics MyHeadset Updater (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater Device Handlers (32-bit) (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater DFU Handlers (32-bit) (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater Install Check (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater MLS (Version: 3.0.0.0 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater Runtime (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater Startup (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
Rossmann Fotowelt Software (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.14.5. - ORWO Net)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Service Pack 4 für SQL Server 2008 (KB2979596) (HKLM-x32\...\KB2979596) (Version: 10.4.6000.29 - Microsoft Corporation)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.3.0.658 - Lenovo)
Sierra Wireless EM7345 4G LTE Software (HKLM-x32\...\SWIIntelDrvInstaller) (Version: 2.5.10640.4317 - Sierra Wireless, Inc.)
Sign Live! CC Sparkassen-Edition 6.3 (HKLM\...\SIGNLIVE_CC_Sparkassen_Edition_6_3_is1) (Version: 6.3 - intarsys consulting GmbH)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snip (HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\{525d439e-e22a-4221-8fd1-25b845fe0038}) (Version: 0.1.5119.0 - Microsoft Corporation)
Snip (x32 Version: 0.1.5119.0 - Microsoft) Hidden
Sophos SSL VPN Client 2.1 (HKLM-x32\...\Sophos SSL VPN Client) (Version: 2.1 - )
Sql Server Customer Experience Improvement Program (x32 Version: 10.4.6000.29 - Microsoft Corporation) Hidden
Start Menu (HKU\S-1-5-21-1278887282-1552680147-1237208637-500\...\Pokki_Start_Menu) (Version: 0.269.4.145 - Pokki)
Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten (HKLM\...\{28F4BC72-75AE-47DD-B5B3-2A027BCA48A7}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.85 - Synaptics Incorporated)
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{87E2D28A-EEE2-4C3C-B0C1-CDA986B3C42E}) (Version: 4.5.503.0 - Synaptics)
System Center Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.7.214.0 - Microsoft Corporation)
tax 2015 Professional (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.00.8811 - Buhl Data Service GmbH)
tax 2016 Professional (HKLM-x32\...\{30E85B0C-57D8-4ECE-814B-264550A92FAB}) (Version: 23.00.1146 - Buhl Data Service GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.36 - Lenovo)
ThinkPad Settings Dependency (Version: 3.0.1.29 - Lenovo) Hidden
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.8.911.2013 - Lenovo)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.70.2.0 - Lenovo Group Limited)
TimeTracking Outlook AddIn (HKLM-x32\...\{092C9DD6-6641-4DEC-B607-E0C5C8901A24}) (Version: 4.2.0 - proMX GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation)
Windows-Treiberpaket - Cambridge Silicon Radio (CSRBC) USB  (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Intel (e1dexpress) Net  (03/13/2014 12.11.77.1) (HKLM\...\8B9947A3FCC81D9507E333A63C6CC56E091BA6DB) (Version: 03/13/2014 12.11.77.1 - Intel)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC  (11/15/2013 12.8.10.1005) (HKLM\...\D25E6F494D3225DFE05884186452E2C79AF2E506) (Version: 11/15/2013 12.8.10.1005 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.04.05 (12/17/2013 1.67.04.05) (HKLM\...\68ECF461D6E85BB67AFC110D2FEBF1955C9F26B5) (Version: 12/17/2013 1.67.04.05 - Lenovo)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows-Treiberpaket - Synaptics (SmbDrv) System  (04/07/2014 18.0.7.40) (HKLM\...\FB2627FE59EA6DAD058B4A4C82647DC162F8723D) (Version: 04/07/2014 18.0.7.40 - Synaptics)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (04/07/2014 18.0.7.40) (HKLM\...\5879A8A324E612CD4CB110632BF1186381FA46F0) (Version: 04/07/2014 18.0.7.40 - Synaptics)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1278887282-1552680147-1237208637-1224_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1278887282-1552680147-1237208637-1224_Classes\CLSID\{9E90BC4A-C30F-4BB1-AE57-757E5089FFE2}\InprocServer32 -> C:\Users\martinha\AppData\Local\TimeTrackingOutlookAddIn20\adxloader64.dll ()

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {083BCDAD-F56A-4C27-BE44-774922CCD363} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {0BE19FBC-CA7F-4E92-BB05-C5FB6A148AEF} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {12C523F8-40DC-4032-A176-15EEBCBCB005} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-1224 -> Keine Datei <==== ACHTUNG
Task: {140BC594-94C0-44FF-9361-DD926C3D1663} - \WPD\SqmUpload_S-1-5-21-3971317600-4276828187-4244599763-1001 -> Keine Datei <==== ACHTUNG
Task: {15E0C3AA-2D89-42F6-ACD0-437661FA0E3D} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01] (Oracle Corporation)
Task: {24E826E0-421F-46F3-9079-3B6AF34B1266} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-13] (Realtek Semiconductor)
Task: {2A14A12F-2298-4FB4-9578-B1B780364B54} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\martinha@IT-CONSULT.NET\Report update status -> Keine Datei <==== ACHTUNG
Task: {2A8541BC-F922-4E2C-B70F-55DED8A51555} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-1332 -> Keine Datei <==== ACHTUNG
Task: {2F6A7B13-A044-42CD-9875-CEECB3D2A2DE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4793A9E9-69AF-454E-83AE-86B63EA9556B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {47C8B51B-7854-42DF-9BAA-E98FFDA1DF5B} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Maintenance
Task: {49312AC5-D52B-4B18-8DED-5C3155204076} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-12] (Microsoft Corporation)
Task: {4A174699-4C93-4E5F-B2C1-865C43C808AE} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {4AEAD71D-051E-457E-A6D2-CF61297EB5DF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {4CC90EA5-155F-4747-97A0-10D0358DC769} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {507F2F84-124F-402E-8AD7-BA299752F2B3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation)
Task: {5085AB57-C81A-4C1B-ABDD-12717E4A2C0C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5D6C7DFE-6F2A-4CC1-8490-ED9E41186CCC} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2016-06-20] (Microsoft Corporation)
Task: {63E32C29-8092-4EB3-854A-7D9A5C31EA8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {69E8B51E-A33C-4C3E-B581-78F198FD91CB} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {6A9E64BA-B5B6-4A1E-9ACE-003867676ACC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {6B215071-BCB2-4440-86B6-E4562B4F8EBF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-08-24] ()
Task: {6FD832FD-6202-4B36-8BC3-8A868CA46227} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {74ED73D0-505C-45F3-8048-34765681F225} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-08-24] (Lenovo)
Task: {7CF2F00F-4AA7-4964-A72E-324597B6C93B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {7DB45B4A-2762-4441-BE74-2374B62F3FE5} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {81491D64-24FF-4A4F-B249-9ABD29CF3C50} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-13] (Realtek Semiconductor)
Task: {87D1761F-53E0-407A-8228-57BE9D17118F} - System32\Tasks\Kopiere Fahrtenbuch => 
Task: {880A47A6-108D-46A1-9A7E-242A7A11592B} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Passport for Work Certificate Enrollment Task => C:\WINDOWS\System32\Wbem\wmic.exe [2016-07-16] (Microsoft Corporation) <==== ACHTUNG
Task: {8D360885-0724-4AF3-9619-66A1B9EDEB6C} - System32\Tasks\LenovoQuickDisplay => C:\Program Files (x86)\Lenovo\QuickConnect NFC Utility\qdtap.exe [2014-03-05] (Lenovo)
Task: {8F4592C4-5D3D-4D3D-99E3-B39929FD11EC} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {8FD1E83C-3575-4685-8821-861B6A0C747F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
Task: {91294BE9-6728-4689-9382-A91C623B279C} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {948A9ECC-4088-4B37-916F-B87B3EE34036} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-1125 -> Keine Datei <==== ACHTUNG
Task: {979E16DA-189E-480C-979E-B9B0809A6605} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {9A1DD3BC-78AF-43E0-A442-F5FC96235BB2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-04-20] (Lenovo)
Task: {9F4289BE-5AC6-4042-9535-BF635D635D68} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {A046DC57-4CDD-479F-9334-E61CDBEBAA77} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A8CA310C-B9DE-4E33-A8F7-9F16A4BCC859} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {AAF2731B-22E4-4C00-80F1-A2C6CDA5F5F7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {AC7B9DFB-1931-468E-B0C9-C66643A99756} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {AF59060C-40DF-4877-845D-44058A3B2D05} - \WPD\SqmUpload_S-1-5-21-3971317600-4276828187-4244599763-1006 -> Keine Datei <==== ACHTUNG
Task: {B5EEA664-5383-4FE8-BC6E-E85B66D14C1C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation)
Task: {BF9954B5-6B28-48DD-9E72-2CC684417BD3} - \Microsoft\Windows\Setup\gwx\runappraiser -> Keine Datei <==== ACHTUNG
Task: {BFEA1D7E-B9F1-42F0-9F1F-AC0C0621B247} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {C4DA72FD-C613-409E-82B3-AD9FD59475FA} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-18922 -> Keine Datei <==== ACHTUNG
Task: {C75162A0-587E-49E2-AF7D-46F441F31D4D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-28] (Microsoft Corporation)
Task: {C795E956-ADB5-4D68-B762-3956C4DB9660} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {C843E6DE-61F7-48B7-BCED-263F48D4A1C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {CB32CD67-D8C1-4DED-AE7D-6EC45A4506C7} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-13] (Realtek Semiconductor)
Task: {D8CEED34-D22B-4D0B-97ED-6D0C384CAE8D} - System32\Tasks\Lenovo\Gesture Control => C:\Program Files (x86)\eyeSight\Gesture Control\GestureControl.exe [2014-07-31] (Lenovo)
Task: {DFC6C251-21C1-401B-8E47-83D90F885003} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-08-24] (Lenovo)
Task: {DFECBAE1-230A-4128-8E41-56CAA7D4D64C} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\martinha@IT-CONSULT.NET\Update connections -> Keine Datei <==== ACHTUNG
Task: {F05788F6-6910-4EA0-91E3-BBD9E4DA6CE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)
Task: {F3BE8384-6CA4-44FE-8317-AD089A72909E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F5CD90D4-9CB1-429A-B76A-9E46515C7462} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F72D0D12-F5F5-4261-9535-F5BBD795E302} - System32\Tasks\HPCeeScheduleFormartinha => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {F74E8997-9768-42BC-A19B-9013844CFA96} - System32\Tasks\Lexware Info Service Assistent => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [2015-09-29] (Haufe-Lexware GmbH & Co. KG)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormartinha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements (1).job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\martinha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-13 08:05 - 2016-09-15 19:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-02 22:32 - 2015-07-02 22:32 - 00023040 _____ () C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\firmwareupdaterservice.exe
2016-10-01 12:23 - 2016-10-01 12:05 - 00400896 _____ () C:\ProgramData\focel\focel.exe
2015-07-02 22:32 - 2015-07-02 22:32 - 00564224 _____ () C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareApp.exe
2016-09-20 19:26 - 2016-08-23 08:02 - 00213320 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2016-10-13 08:05 - 2016-09-15 19:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-01 12:33 - 2016-10-01 12:33 - 01864384 _____ () C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\amd64\ClientTelemetry.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-10-01 13:20 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-13 08:06 - 2016-10-05 11:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-13 08:06 - 2016-10-05 11:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-13 08:06 - 2016-10-05 11:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-13 08:06 - 2016-10-05 11:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-13 08:06 - 2016-10-05 11:13 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-13 08:06 - 2016-10-05 11:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-13 08:06 - 2016-10-05 11:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-11-07 15:23 - 2014-07-03 12:04 - 00915968 _____ () C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
2015-03-23 13:02 - 2015-03-23 13:02 - 00480992 _____ () C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
2016-10-20 07:45 - 2016-10-20 07:46 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-10-20 07:45 - 2016-10-20 07:46 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-20 07:45 - 2016-10-20 07:46 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-08-28 11:19 - 2016-08-28 11:20 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-28 11:19 - 2016-08-28 11:20 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-08-28 11:19 - 2016-08-28 11:20 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-08-28 11:19 - 2016-08-28 11:20 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-02-19 05:56 - 2014-02-19 05:56 - 00284552 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll
2014-02-19 05:56 - 2014-02-19 05:56 - 00327312 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll
2014-02-19 05:57 - 2014-02-19 05:57 - 00441760 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\FileTrace.dll
2016-08-31 10:02 - 2016-08-31 10:02 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2014-02-19 06:00 - 2014-02-19 06:00 - 00933568 _____ () C:\Program Files (x86)\Acronis\BackupAndRecovery\human_resolving_mms.dll
2014-02-19 05:58 - 2014-02-19 05:58 - 01931408 _____ () C:\Program Files (x86)\Acronis\BackupAndRecovery\msp_agent.dll
2016-06-18 15:40 - 2016-06-18 15:45 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\tmpod.dll
2016-06-18 15:41 - 2016-10-08 13:05 - 00039616 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconvpxy.dll
2016-10-01 12:33 - 2016-10-01 12:33 - 01383616 _____ () C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\ClientTelemetry.dll
2016-10-01 12:33 - 2016-10-01 12:33 - 00118976 _____ () C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\FileSyncViews.dll
2015-07-06 21:36 - 2015-07-06 21:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-06-19 00:55 - 2016-10-20 08:08 - 03593408 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
2016-06-18 15:40 - 2016-06-18 15:45 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll
2016-06-18 15:40 - 2016-10-08 07:45 - 01010376 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-02-18 14:01 - 00034972 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
13.69.186.195       global.bing.com
13.69.186.195       www.bing.com
13.69.186.195       cn.bing.com
13.69.186.195       bing.com
13.69.186.195       0search.internetquickaccess.com
13.69.186.195       1and1.com
13.69.186.195       22find.com
13.69.186.195       24img.com
13.69.186.195       7mcn.tvnewtabsearch.com
13.69.186.195       abcsearch.ru
13.69.186.195       airzip.inspsearch.com
13.69.186.195       alexnova.com
13.69.186.195       alles-im-inter.net
13.69.186.195       allinsearch.com
13.69.186.195       allsearch.ca
13.69.186.195       allsearch.space
13.69.186.195       alternativesearch.ru
13.69.186.195       amaizingsearches.info
13.69.186.195       amazon.smart-search.com
13.69.186.195       appiance.com
13.69.186.195       apps.searchalgo.com
13.69.186.195       asiasearch.co
13.69.186.195       ask.com
13.69.186.195       atajitos.com
13.69.186.195       autosearch.centurylink.com
13.69.186.195       autosearch.zoominternet.net
13.69.186.195       avg.com
13.69.186.195       avg.nation.com
13.69.186.195       awesomehp.com

Da befinden sich 836 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\Control Panel\Desktop\\Wallpaper -> C:\Users\martinha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1278887282-1552680147-1237208637-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Lenovo\RedBurst.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: SpyHunter 4 Service => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "PasswordManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LexwareInfoService"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "PLTUpdater.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "iCloudServices"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{63D811CC-0593-4CBF-89D1-5FEA021016F1}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe
FirewallRules: [TCP Query User{13D127D9-DE3D-4FFC-B03A-C79C92F44061}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe
FirewallRules: [{069F42CC-6F6A-4D5C-80DE-6A44C6890967}] => (Allow) C:\Program Files (x86)\SQL Anywhere 16\Bin32\dbsrv16.exe
FirewallRules: [{89CCE8F7-9A4D-45A2-8E92-673E947B96A8}] => (Allow) C:\Program Files (x86)\SQL Anywhere 16\Bin32\dbsrv16.exe
FirewallRules: [{383F4C8B-A214-4794-8E03-4F402C83ABD3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{E64CFCDC-82F8-4E86-B76E-7682120BF6F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{B52B744A-A7F9-4584-887D-D80154673931}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{C85478E4-DB5E-433F-B3BF-A640C49CAE4E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{44743B7F-B6F3-4DBF-912D-099029708B2E}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS41F3\HPDiagnosticCoreUI.exe
FirewallRules: [{0EF2C4D0-0B07-4A0F-A843-990D1EDBA334}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS41F3\HPDiagnosticCoreUI.exe
FirewallRules: [{3BCC16BE-A280-4734-8C7E-151C801C5498}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS2E31\HPDiagnosticCoreUI.exe
FirewallRules: [{95C7F43C-A6C0-4E59-B1D7-AD3B7A900486}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS2E31\HPDiagnosticCoreUI.exe
FirewallRules: [{68D89644-8CE7-4A66-BFB6-1A5630050DCD}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS1CB2\HPDiagnosticCoreUI.exe
FirewallRules: [{8EB3B9CF-8884-4114-8317-AA6785354AAC}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS1CB2\HPDiagnosticCoreUI.exe
FirewallRules: [{EE807A6E-7F12-46C2-8A53-0CCE2BE169CC}] => (Allow) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
FirewallRules: [{5D66E0F6-95D0-4576-9DA0-F1E7E66D417C}] => (Allow) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
FirewallRules: [{B7023848-71CE-4F9C-B5FB-C7134D5D72D4}] => (Allow) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
FirewallRules: [{9D37163E-B31D-4720-B2AA-636A3C253E47}] => (Allow) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
FirewallRules: [{C74E0952-59C8-4FE2-B01E-536FEE5C6D91}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{CC074C17-6376-4518-ACCB-1147F94AA1B5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{8FF4582A-66B5-4FC6-BCE2-D45DC950286E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B21127DD-90B9-4BAF-B8FB-C1B5847D50E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{03A3FF36-2D7E-486D-B043-0D433F0F971B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F971BFF-9A17-4FB4-9DCA-75C415DFA3BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D9EE5824-8AF9-4510-BFAC-423F7E431C77}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E4F95422-6789-4244-9212-1591906F9832}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C104E45D-5715-4787-874D-6BA2E1D90235}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [UDP Query User{1A6BFFC7-9D09-469C-963C-40F17EA815EF}C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{2055DDB2-7E76-446E-9AC5-AE0082833902}C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9197BA06-4DD0-472F-B495-0CB81058E4B0}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [TCP Query User{297F51E6-A343-4C1B-B55B-93A7AA444460}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [{0274A9C0-94FF-4533-9040-83B3A5BFE5E2}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{BBF56B60-8922-4DE1-BCE1-AC1310C43454}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{5AF66E65-A16D-41DE-8227-9CAAE2E85A57}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E971ADB0-484F-4B6F-9D93-1AA21F21204C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{27208934-0015-4403-8AF3-C1DC3E4F1D3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E1D42AE-23EC-44AD-B983-5D80C0398F45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C209A5F7-CF49-4842-A679-4F04E956B719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AEF56502-915F-40D8-8C06-8F1E7B742929}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E3780AE3-CD78-41EE-A7F9-97F47DEB08C1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2F1B4DF4-922F-48F8-A78C-AE06F22CEA79}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6A1C1605-5278-402F-916F-6F9BD7A57E0A}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{7B130657-70AC-435C-B898-9C246086C901}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{A3CAF720-D9BD-4BF7-AAF6-C075F072126E}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{1FD41DE8-3A9A-4E1B-B6F6-D3AFB4DC376F}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{2E91EC70-1915-422F-BE79-FF1EE7858605}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{BA2850C7-0F4F-4E1D-9F9D-ED45054766FB}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{75EF22F2-5904-4BDE-88F0-9C3F1E52BA90}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{5ECCF999-7175-48D9-A642-058C342547F2}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{56D59956-ED0E-4AA3-B9D4-D398A152FDD9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F4CE020A-4C80-4267-9D20-59F1D8FA21E8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{12FA5668-6F5F-4280-928C-AF3BEEC13C14}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A119A95C-0A6B-4997-8CFC-B7262C731E08}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A2341B34-E953-4251-970E-4A27AEA04975}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{55082E6C-6DB3-41D5-B25A-2F834781F6C5}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{48675F8F-7B7C-46CB-AB14-F55A5A7507E3}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{7927BF85-C501-4A2C-BBF9-B3A15BF89963}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS6690\HPDiagnosticCoreUI.exe
FirewallRules: [{9702A9ED-1D10-4968-B01D-783F8D0E1401}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS6690\HPDiagnosticCoreUI.exe
FirewallRules: [{1645A085-FA44-420A-A4D9-660EC9D985F7}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS66D4\HPDiagnosticCoreUI.exe
FirewallRules: [{69D5DCE6-FE06-422B-A262-A7BCE13D2A7D}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS66D4\HPDiagnosticCoreUI.exe
FirewallRules: [{AFC4BFB6-1312-4714-9607-6A53D3869F84}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{85D062F0-8AA8-43AC-B9DC-F4968133064E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{55C3F113-9419-4BB8-8AE9-B0258BE47BF5}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{7A447C3C-D155-42A8-BB86-F7556065496E}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{90252D5F-5F98-4DB5-8C13-860FD906108A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BCDB17DF-9D6A-4C45-9E42-2062A58A7DA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{066735DA-2110-4D25-9F97-784AF1ECBA4D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7DB6FFAE-0564-4493-A346-D8134EE3D2FF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{78124E29-0D0C-4A4E-99CA-734C1CD3F304}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FF25888E-7318-43BD-8500-E32E4A62A575}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{034A56CD-AEAE-40DD-A252-C379CD467B30}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0BE02A14-3F9F-4A95-8CEA-40422C20FBF2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{338FAA0A-518B-49AD-B6C4-9B2A257D6B73}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{21AC9A90-10B4-400E-9EFF-29DE7E3A859D}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe
FirewallRules: [UDP Query User{779F8FBD-A572-4C19-AFC1-D927FA51E341}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe
FirewallRules: [{93604640-FA6E-4D1B-B2BE-C9E2B05B5D06}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{49B6C320-E182-46AA-8E53-4B16B73ACD93}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{444FFE63-99F4-4C72-90E4-130C0B8BB2F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CB62E4FF-3905-4B5A-B1C5-F4B97B0AC04C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9444189D-3B14-40FE-BFB5-729E063D828A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{070439DA-7497-43FB-8B0B-00379EADD4BB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{28890C94-FDED-4582-A086-F21ED9A4838E}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{9C122C60-6068-4E32-BB11-754182095B11}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

12-10-2016 00:12:47 Windows Update
13-10-2016 14:54:15 Installed iTunes
19-10-2016 12:03:37 Windows Update
21-10-2016 21:16:12 Installed Gigaset QuickSync.
22-10-2016 22:02:31 Removed Gigaset QuickSync.

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/25/2016 03:54:48 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 03:50:21 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 03:27:39 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 03:22:45 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 02:44:27 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 02:39:16 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 02:35:16 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 02:21:41 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 02:19:16 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 02:06:22 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).


Systemfehler:
=============
Error: (10/25/2016 01:39:13 PM) (Source: DCOM) (EventID: 10010) (User: IT-CONSULT)
Description: Der Server "{889821A7-F3E9-4CB7-B2A0-08979395125B}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/25/2016 01:37:43 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT-AUTORITÄT)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, registrierungsbasierte Richtlinieneinstellungen für das Gruppenrichtlinienobjekt "LDAP://CN=Machine,cn={96303C8C-9F18-408F-A372-710471F7C067},cn=policies,cn=system,DC=IT-CONSULT,DC=NET" zu lesen. Die Gruppenrichtlinieneinstellungen dürfen nicht erzwungen werden, bis dieses Ereignis behoben ist. Weitere Informationen über den Dateinamen und -pfad, der den Fehler verursacht hat, können den Ereignisdetails entnommen werden.

Error: (10/25/2016 01:35:22 PM) (Source: DCOM) (EventID: 10010) (User: IT-CONSULT)
Description: Der Server "{889821A7-F3E9-4CB7-B2A0-08979395125B}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/25/2016 01:22:46 PM) (Source: DCOM) (EventID: 10010) (User: IT-CONSULT)
Description: Der Server "{889821A7-F3E9-4CB7-B2A0-08979395125B}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/25/2016 12:47:09 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (10/25/2016 12:47:08 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (10/25/2016 12:47:08 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (10/25/2016 12:47:08 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (10/25/2016 12:47:07 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (10/25/2016 12:47:07 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


CodeIntegrity:
===================================
  Date: 2016-10-25 12:59:57.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:59:57.804
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:59:57.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:57:54.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:57:54.943
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:41:33.164
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:41:33.159
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:41:33.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:41:31.072
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:41:31.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4550U CPU @ 1.50GHz
Prozentuale Nutzung des RAM: 44%
Installierter physikalischer RAM: 8092.86 MB
Verfügbarer physikalischer RAM: 4501.34 MB
Summe virtueller Speicher: 9372.86 MB
Verfügbarer virtueller Speicher: 5066.29 MB

==================== Laufwerke ================================

Drive c: (Windows8_OS) (Fixed) (Total:454.23 GB) (Free:288.78 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive z: (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 91ACF725)

Partition: GPT.

==================== Ende von Addition.txt ============================


Alt 25.10.2016, 15:19   #6
martinha
 
Downloadtrojaner Zonquadttax.exe - Standard

Downloadtrojaner Zonquadttax.exe


Zuerst schon mal herzlichen Dank für die Hilfe
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17-10-2016
durchgeführt von martinha (25-10-2016 16:09:25)
Gestartet von C:\Users\martinha\Desktop
Windows 10 Enterprise Version 1607 (X64) (2016-10-01 10:28:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3971317600-4276828187-4244599763-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3971317600-4276828187-4244599763-503 - Limited - Disabled)
Gast (S-1-5-21-3971317600-4276828187-4244599763-501 - Limited - Disabled)
rauter (S-1-5-21-3971317600-4276828187-4244599763-1006 - Administrator - Enabled) => C:\Users\rauter
Support (S-1-5-21-3971317600-4276828187-4244599763-1001 - Administrator - Enabled) => C:\Users\Support

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis Backup 11.5 Agent Core (HKLM-x32\...\{CE226895-5910-47CE-8A28-5D7D907A4FFF}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Agent für Windows (HKLM-x32\...\{703EE602-5FB5-4592-9388-FE1D2C20F363}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Bootable Media Builder (HKLM-x32\...\{EE1BE3AE-B8DB-4DBB-AC9F-F9B54AC2C52E}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Command-Line Tool (HKLM-x32\...\{13CAA62E-4226-4B29-BB1A-23DC92CE4B6A}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Management Console (HKLM-x32\...\{90BE6C97-1F7A-4F35-9876-FA62CE20D2C9}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Tray Monitor (HKLM-x32\...\{0402F389-E3BD-47B7-AAAD-D2B4DAA8F90B}) (Version: 11.5.38573 - Acronis)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Capella Micro CM3218x SPB Driver (HKLM-x32\...\CM3218x) (Version: 1.1.1.0 - Capella Microsystems, Inc.)
Configuration Manager Client (Version: 5.00.8412.1000 - Microsoft Corporation) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
EasyGPS 5.23.0.0 (HKLM-x32\...\EasyGPS_is1) (Version: 5.23.0.0 - TopoGrafix)
Elevated Installer (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin TOPO Deutschland V7 PRO (HKLM-x32\...\{340A2FCE-F4B5-4F80-8AEE-F72D55711F83}) (Version: 7.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
GDR 6241 für SQL Server 2008 (KB 3045311) (HKLM-x32\...\KB3045311) (Version: 10.4.6241.0 - Microsoft Corporation)
Gesture Control (HKLM-x32\...\{7777DD46-E32D-44FE-A08B-AF83CD8FB54C}) (Version: 6.1.163.8 - Lenovo)
Gigaset QuickSync (HKLM\...\{192f673d-d310-4488-96da-4a4bfcd6ab2b}) (Version: 8.6.0875.1 - Gigaset Communications GmbH)
HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät (HKLM\...\{CED47C99-8892-4956-BCA7-CC3123531371}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Hilfe (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Inst5676 (Version: 8.01.42 - Softex Inc.) Hidden
Integrated Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10252 - Realtek Semiconductor Corp.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4206 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1512.771) (HKLM\...\{302600C1-6BDF-4FD1-1501-148929CC1385}) (Version: 17.1.1501.0514 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Lenovo Anzeige am Bildschirm (Version: 8.80.10 - Lenovo) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.11.06 - Lenovo)
Lenovo QuickConnect NFC Utility (HKLM-x32\...\{7C8A2D9F-10CF-4071-BFE4-6B0843A6302E}_is1) (Version: 2.0.0.54 - Lenovo Group Limited)
Lenovo QuickControl (HKLM-x32\...\{ABA0A3F7-649E-4338-BDC9-18437D9699D6}) (Version: 2.40 - Lenovo Group Limited)
Lenovo Settings - Power (x32 Version: 2.00.000 - Lenovo) Hidden
Lenovo Solution Center (HKLM\...\{558E50EE-5E2D-479A-A455-8A826191583B}) (Version: 3.3.004.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.067.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lexware Abschreibungsrechner (x32 Version: 15.00.00.0006 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware büro easy 2016 (x32 Version: 29.04.00.0114 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware büro easy plus 2016 (HKLM-x32\...\{17d7e319-ac59-4a31-84cb-3009092079e2}) (Version: 29.4.0.114 - Haufe-Lexware GmbH & Co.KG)
Lexware Datenbank plus 2016 (x32 Version: 16.00.00.0097 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Elster (x32 Version: 16.05.00.0033 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Elster 2016 (HKLM-x32\...\{c9c745c2-74e4-454e-91e0-ca041e6ed42c}) (Version: 16.5.0.33 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 16.00.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (HKLM-x32\...\{6FF55A3A-4E59-4CF8-9248-2EE747168B3E}) (Version: 5.01.00.0040 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (x32 Version: 22.04.00.0043 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware PDF-Export 5 (x32 Version: 5.00.01.0009 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware reisekosten 2016 (HKLM-x32\...\{8a317b7d-5b5c-49d3-bc29-71a1c3f03f76}) (Version: 16.2.0.161 - Haufe-Lexware GmbH & Co.KG)
Lexware reisekosten plus 2016 (x32 Version: 16.02.00.0211 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Services (x32 Version: 4.00.00.0066 - Haufe-Lexware GmbH & Co.KG) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Managed Windows Defender (Version: 4.7.0214.0 - Microsoft Corporation) Hidden
Manager (x32 Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
Metric Collection SDK (x32 Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0011.00 - Lenovo Group Limited) Hidden
Microsoft Dynamics CRM 2015 für Microsoft Office Outlook (HKLM\...\Microsoft CRM Client) (Version: 7.1.0001.3113 - Microsoft Corporation)
Microsoft Dynamics CRM für Outlook Update 1.0 (KB3056327) (HKLM\...\KB3056327_Client_1031) (Version: 7.1.0000.1074 - Microsoft Corporation)
Microsoft Dynamics CRM für Outlook Update 1.1 (KB3072333) (HKLM\...\KB3072333_Client_1031) (Version: 7.1.0001.3113 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Online Services-Anmeldeassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{65F3578A-F54F-4402-A9B1-E36B06976706}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.4.6000.29 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{F5A944B8-426D-4A6A-BE6F-DAAA957CA50D}) (Version: 10.4.6000.29 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{AE70D6C9-AF27-405C-9BF7-7D7AB70AC177}) (Version: 10.4.6241.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{F0DA699A-5279-49F2-AC5C-1BA58B3CC613}) (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{419A1C86-B998-4395-A848-AA95E8869E13}) (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.4.6000.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
ModemAuthenticator (HKLM-x32\...\{C19BC2FE-B85D-42E3-B7FE-1628B2E22298}) (Version: 1.0.7 - Intel Mobile Communications)
Mozilla Firefox 47.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 de)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Net at Work Mail Gateway Outlook add-in (HKLM-x32\...\{9bb32908-fa74-4345-b108-b7e371dd1e22}) (Version: 8.5.164.0 - Net at Work Netzwerksysteme GmbH)
Net at Work Mail Gateway Outlook Add-in (Version: 8.5.164.0 - Net at Work Netzwerksysteme GmbH) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
OfficeMaster Client G5 (x86) (HKLM-x32\...\{efa9fdfb-f1cc-49fb-81ab-14878b2e8f7a}) (Version: 5.21.29362 - Ferrari electronic AG)
OSM generic routable(GRC) (HKLM-x32\...\OSM generic routable(GRC)) (Version:  - )
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.2 - pdfforge GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Plantronics CSR Driver (64-bit) (Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics CsrDfu Installer (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics HidDfu Installer (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater (HKLM-x32\...\{f3913714-6d44-49ee-9526-a47d548f2334}) (Version: 3.1.51094.21292 - Plantronics, Inc.)
Plantronics MyHeadset Updater (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater Device Handlers (32-bit) (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater DFU Handlers (32-bit) (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater Install Check (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater MLS (Version: 3.0.0.0 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater Runtime (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater Startup (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
Rossmann Fotowelt Software (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.14.5. - ORWO Net)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Service Pack 4 für SQL Server 2008 (KB2979596) (HKLM-x32\...\KB2979596) (Version: 10.4.6000.29 - Microsoft Corporation)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.3.0.658 - Lenovo)
Sierra Wireless EM7345 4G LTE Software (HKLM-x32\...\SWIIntelDrvInstaller) (Version: 2.5.10640.4317 - Sierra Wireless, Inc.)
Sign Live! CC Sparkassen-Edition 6.3 (HKLM\...\SIGNLIVE_CC_Sparkassen_Edition_6_3_is1) (Version: 6.3 - intarsys consulting GmbH)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snip (HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\{525d439e-e22a-4221-8fd1-25b845fe0038}) (Version: 0.1.5119.0 - Microsoft Corporation)
Snip (x32 Version: 0.1.5119.0 - Microsoft) Hidden
Sophos SSL VPN Client 2.1 (HKLM-x32\...\Sophos SSL VPN Client) (Version: 2.1 - )
Sql Server Customer Experience Improvement Program (x32 Version: 10.4.6000.29 - Microsoft Corporation) Hidden
Start Menu (HKU\S-1-5-21-1278887282-1552680147-1237208637-500\...\Pokki_Start_Menu) (Version: 0.269.4.145 - Pokki)
Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten (HKLM\...\{28F4BC72-75AE-47DD-B5B3-2A027BCA48A7}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.85 - Synaptics Incorporated)
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{87E2D28A-EEE2-4C3C-B0C1-CDA986B3C42E}) (Version: 4.5.503.0 - Synaptics)
System Center Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.7.214.0 - Microsoft Corporation)
tax 2015 Professional (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.00.8811 - Buhl Data Service GmbH)
tax 2016 Professional (HKLM-x32\...\{30E85B0C-57D8-4ECE-814B-264550A92FAB}) (Version: 23.00.1146 - Buhl Data Service GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.36 - Lenovo)
ThinkPad Settings Dependency (Version: 3.0.1.29 - Lenovo) Hidden
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.8.911.2013 - Lenovo)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.70.2.0 - Lenovo Group Limited)
TimeTracking Outlook AddIn (HKLM-x32\...\{092C9DD6-6641-4DEC-B607-E0C5C8901A24}) (Version: 4.2.0 - proMX GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation)
Windows-Treiberpaket - Cambridge Silicon Radio (CSRBC) USB  (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Intel (e1dexpress) Net  (03/13/2014 12.11.77.1) (HKLM\...\8B9947A3FCC81D9507E333A63C6CC56E091BA6DB) (Version: 03/13/2014 12.11.77.1 - Intel)
Windows-Treiberpaket - Intel Corporation (iaStorA) HDC  (11/15/2013 12.8.10.1005) (HKLM\...\D25E6F494D3225DFE05884186452E2C79AF2E506) (Version: 11/15/2013 12.8.10.1005 - Intel Corporation)
Windows-Treiberpaket - Lenovo 1.67.04.05 (12/17/2013 1.67.04.05) (HKLM\...\68ECF461D6E85BB67AFC110D2FEBF1955C9F26B5) (Version: 12/17/2013 1.67.04.05 - Lenovo)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows-Treiberpaket - Synaptics (SmbDrv) System  (04/07/2014 18.0.7.40) (HKLM\...\FB2627FE59EA6DAD058B4A4C82647DC162F8723D) (Version: 04/07/2014 18.0.7.40 - Synaptics)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (04/07/2014 18.0.7.40) (HKLM\...\5879A8A324E612CD4CB110632BF1186381FA46F0) (Version: 04/07/2014 18.0.7.40 - Synaptics)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1278887282-1552680147-1237208637-1224_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1278887282-1552680147-1237208637-1224_Classes\CLSID\{9E90BC4A-C30F-4BB1-AE57-757E5089FFE2}\InprocServer32 -> C:\Users\martinha\AppData\Local\TimeTrackingOutlookAddIn20\adxloader64.dll ()

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {083BCDAD-F56A-4C27-BE44-774922CCD363} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {0BE19FBC-CA7F-4E92-BB05-C5FB6A148AEF} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {12C523F8-40DC-4032-A176-15EEBCBCB005} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-1224 -> Keine Datei <==== ACHTUNG
Task: {140BC594-94C0-44FF-9361-DD926C3D1663} - \WPD\SqmUpload_S-1-5-21-3971317600-4276828187-4244599763-1001 -> Keine Datei <==== ACHTUNG
Task: {15E0C3AA-2D89-42F6-ACD0-437661FA0E3D} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01] (Oracle Corporation)
Task: {24E826E0-421F-46F3-9079-3B6AF34B1266} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-13] (Realtek Semiconductor)
Task: {2A14A12F-2298-4FB4-9578-B1B780364B54} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\martinha@IT-CONSULT.NET\Report update status -> Keine Datei <==== ACHTUNG
Task: {2A8541BC-F922-4E2C-B70F-55DED8A51555} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-1332 -> Keine Datei <==== ACHTUNG
Task: {2F6A7B13-A044-42CD-9875-CEECB3D2A2DE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4793A9E9-69AF-454E-83AE-86B63EA9556B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {47C8B51B-7854-42DF-9BAA-E98FFDA1DF5B} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Maintenance
Task: {49312AC5-D52B-4B18-8DED-5C3155204076} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-12] (Microsoft Corporation)
Task: {4A174699-4C93-4E5F-B2C1-865C43C808AE} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {4AEAD71D-051E-457E-A6D2-CF61297EB5DF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {4CC90EA5-155F-4747-97A0-10D0358DC769} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {507F2F84-124F-402E-8AD7-BA299752F2B3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation)
Task: {5085AB57-C81A-4C1B-ABDD-12717E4A2C0C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5D6C7DFE-6F2A-4CC1-8490-ED9E41186CCC} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2016-06-20] (Microsoft Corporation)
Task: {63E32C29-8092-4EB3-854A-7D9A5C31EA8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {69E8B51E-A33C-4C3E-B581-78F198FD91CB} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {6A9E64BA-B5B6-4A1E-9ACE-003867676ACC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {6B215071-BCB2-4440-86B6-E4562B4F8EBF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-08-24] ()
Task: {6FD832FD-6202-4B36-8BC3-8A868CA46227} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {74ED73D0-505C-45F3-8048-34765681F225} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-08-24] (Lenovo)
Task: {7CF2F00F-4AA7-4964-A72E-324597B6C93B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {7DB45B4A-2762-4441-BE74-2374B62F3FE5} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {81491D64-24FF-4A4F-B249-9ABD29CF3C50} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-13] (Realtek Semiconductor)
Task: {87D1761F-53E0-407A-8228-57BE9D17118F} - System32\Tasks\Kopiere Fahrtenbuch => 
Task: {880A47A6-108D-46A1-9A7E-242A7A11592B} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Passport for Work Certificate Enrollment Task => C:\WINDOWS\System32\Wbem\wmic.exe [2016-07-16] (Microsoft Corporation) <==== ACHTUNG
Task: {8D360885-0724-4AF3-9619-66A1B9EDEB6C} - System32\Tasks\LenovoQuickDisplay => C:\Program Files (x86)\Lenovo\QuickConnect NFC Utility\qdtap.exe [2014-03-05] (Lenovo)
Task: {8F4592C4-5D3D-4D3D-99E3-B39929FD11EC} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {8FD1E83C-3575-4685-8821-861B6A0C747F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
Task: {91294BE9-6728-4689-9382-A91C623B279C} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {948A9ECC-4088-4B37-916F-B87B3EE34036} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-1125 -> Keine Datei <==== ACHTUNG
Task: {979E16DA-189E-480C-979E-B9B0809A6605} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {9A1DD3BC-78AF-43E0-A442-F5FC96235BB2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-04-20] (Lenovo)
Task: {9F4289BE-5AC6-4042-9535-BF635D635D68} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {A046DC57-4CDD-479F-9334-E61CDBEBAA77} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A8CA310C-B9DE-4E33-A8F7-9F16A4BCC859} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {AAF2731B-22E4-4C00-80F1-A2C6CDA5F5F7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {AC7B9DFB-1931-468E-B0C9-C66643A99756} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {AF59060C-40DF-4877-845D-44058A3B2D05} - \WPD\SqmUpload_S-1-5-21-3971317600-4276828187-4244599763-1006 -> Keine Datei <==== ACHTUNG
Task: {B5EEA664-5383-4FE8-BC6E-E85B66D14C1C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation)
Task: {BF9954B5-6B28-48DD-9E72-2CC684417BD3} - \Microsoft\Windows\Setup\gwx\runappraiser -> Keine Datei <==== ACHTUNG
Task: {BFEA1D7E-B9F1-42F0-9F1F-AC0C0621B247} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {C4DA72FD-C613-409E-82B3-AD9FD59475FA} - \WPD\SqmUpload_S-1-5-21-1278887282-1552680147-1237208637-18922 -> Keine Datei <==== ACHTUNG
Task: {C75162A0-587E-49E2-AF7D-46F441F31D4D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-28] (Microsoft Corporation)
Task: {C795E956-ADB5-4D68-B762-3956C4DB9660} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {C843E6DE-61F7-48B7-BCED-263F48D4A1C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {CB32CD67-D8C1-4DED-AE7D-6EC45A4506C7} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-13] (Realtek Semiconductor)
Task: {D8CEED34-D22B-4D0B-97ED-6D0C384CAE8D} - System32\Tasks\Lenovo\Gesture Control => C:\Program Files (x86)\eyeSight\Gesture Control\GestureControl.exe [2014-07-31] (Lenovo)
Task: {DFC6C251-21C1-401B-8E47-83D90F885003} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-08-24] (Lenovo)
Task: {DFECBAE1-230A-4128-8E41-56CAA7D4D64C} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\martinha@IT-CONSULT.NET\Update connections -> Keine Datei <==== ACHTUNG
Task: {F05788F6-6910-4EA0-91E3-BBD9E4DA6CE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)
Task: {F3BE8384-6CA4-44FE-8317-AD089A72909E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F5CD90D4-9CB1-429A-B76A-9E46515C7462} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F72D0D12-F5F5-4261-9535-F5BBD795E302} - System32\Tasks\HPCeeScheduleFormartinha => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {F74E8997-9768-42BC-A19B-9013844CFA96} - System32\Tasks\Lexware Info Service Assistent => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [2015-09-29] (Haufe-Lexware GmbH & Co. KG)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormartinha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements (1).job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\martinha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-13 08:05 - 2016-09-15 19:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-02 22:32 - 2015-07-02 22:32 - 00023040 _____ () C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\firmwareupdaterservice.exe
2016-10-01 12:23 - 2016-10-01 12:05 - 00400896 _____ () C:\ProgramData\focel\focel.exe
2015-07-02 22:32 - 2015-07-02 22:32 - 00564224 _____ () C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareApp.exe
2016-09-20 19:26 - 2016-08-23 08:02 - 00213320 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2016-10-13 08:05 - 2016-09-15 19:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-01 12:33 - 2016-10-01 12:33 - 01864384 _____ () C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\amd64\ClientTelemetry.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-10-01 13:20 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-13 08:06 - 2016-10-05 11:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-13 08:06 - 2016-10-05 11:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-13 08:06 - 2016-10-05 11:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-13 08:06 - 2016-10-05 11:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-13 08:06 - 2016-10-05 11:13 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-13 08:06 - 2016-10-05 11:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-13 08:06 - 2016-10-05 11:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-11-07 15:23 - 2014-07-03 12:04 - 00915968 _____ () C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
2015-03-23 13:02 - 2015-03-23 13:02 - 00480992 _____ () C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
2016-10-20 07:45 - 2016-10-20 07:46 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-10-20 07:45 - 2016-10-20 07:46 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-20 07:45 - 2016-10-20 07:46 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-08-28 11:19 - 2016-08-28 11:20 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-28 11:19 - 2016-08-28 11:20 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-08-28 11:19 - 2016-08-28 11:20 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-08-28 11:19 - 2016-08-28 11:20 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-02-19 05:56 - 2014-02-19 05:56 - 00284552 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll
2014-02-19 05:56 - 2014-02-19 05:56 - 00327312 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll
2014-02-19 05:57 - 2014-02-19 05:57 - 00441760 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\FileTrace.dll
2016-08-31 10:02 - 2016-08-31 10:02 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2014-02-19 06:00 - 2014-02-19 06:00 - 00933568 _____ () C:\Program Files (x86)\Acronis\BackupAndRecovery\human_resolving_mms.dll
2014-02-19 05:58 - 2014-02-19 05:58 - 01931408 _____ () C:\Program Files (x86)\Acronis\BackupAndRecovery\msp_agent.dll
2016-06-18 15:40 - 2016-06-18 15:45 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\tmpod.dll
2016-06-18 15:41 - 2016-10-08 13:05 - 00039616 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconvpxy.dll
2016-10-01 12:33 - 2016-10-01 12:33 - 01383616 _____ () C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\ClientTelemetry.dll
2016-10-01 12:33 - 2016-10-01 12:33 - 00118976 _____ () C:\Users\martinha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\FileSyncViews.dll
2015-07-06 21:36 - 2015-07-06 21:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-06-19 00:55 - 2016-10-20 08:08 - 03593408 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
2016-06-18 15:40 - 2016-06-18 15:45 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll
2016-06-18 15:40 - 2016-10-08 07:45 - 01010376 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-02-18 14:01 - 00034972 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
13.69.186.195       global.bing.com
13.69.186.195       www.bing.com
13.69.186.195       cn.bing.com
13.69.186.195       bing.com
13.69.186.195       0search.internetquickaccess.com
13.69.186.195       1and1.com
13.69.186.195       22find.com
13.69.186.195       24img.com
13.69.186.195       7mcn.tvnewtabsearch.com
13.69.186.195       abcsearch.ru
13.69.186.195       airzip.inspsearch.com
13.69.186.195       alexnova.com
13.69.186.195       alles-im-inter.net
13.69.186.195       allinsearch.com
13.69.186.195       allsearch.ca
13.69.186.195       allsearch.space
13.69.186.195       alternativesearch.ru
13.69.186.195       amaizingsearches.info
13.69.186.195       amazon.smart-search.com
13.69.186.195       appiance.com
13.69.186.195       apps.searchalgo.com
13.69.186.195       asiasearch.co
13.69.186.195       ask.com
13.69.186.195       atajitos.com
13.69.186.195       autosearch.centurylink.com
13.69.186.195       autosearch.zoominternet.net
13.69.186.195       avg.com
13.69.186.195       avg.nation.com
13.69.186.195       awesomehp.com

Da befinden sich 836 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\Control Panel\Desktop\\Wallpaper -> C:\Users\martinha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1278887282-1552680147-1237208637-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Lenovo\RedBurst.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: SpyHunter 4 Service => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "PasswordManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LexwareInfoService"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "PLTUpdater.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-1278887282-1552680147-1237208637-1224\...\StartupApproved\Run: => "iCloudServices"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{63D811CC-0593-4CBF-89D1-5FEA021016F1}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe
FirewallRules: [TCP Query User{13D127D9-DE3D-4FFC-B03A-C79C92F44061}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe
FirewallRules: [{069F42CC-6F6A-4D5C-80DE-6A44C6890967}] => (Allow) C:\Program Files (x86)\SQL Anywhere 16\Bin32\dbsrv16.exe
FirewallRules: [{89CCE8F7-9A4D-45A2-8E92-673E947B96A8}] => (Allow) C:\Program Files (x86)\SQL Anywhere 16\Bin32\dbsrv16.exe
FirewallRules: [{383F4C8B-A214-4794-8E03-4F402C83ABD3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{E64CFCDC-82F8-4E86-B76E-7682120BF6F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{B52B744A-A7F9-4584-887D-D80154673931}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{C85478E4-DB5E-433F-B3BF-A640C49CAE4E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{44743B7F-B6F3-4DBF-912D-099029708B2E}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS41F3\HPDiagnosticCoreUI.exe
FirewallRules: [{0EF2C4D0-0B07-4A0F-A843-990D1EDBA334}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS41F3\HPDiagnosticCoreUI.exe
FirewallRules: [{3BCC16BE-A280-4734-8C7E-151C801C5498}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS2E31\HPDiagnosticCoreUI.exe
FirewallRules: [{95C7F43C-A6C0-4E59-B1D7-AD3B7A900486}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS2E31\HPDiagnosticCoreUI.exe
FirewallRules: [{68D89644-8CE7-4A66-BFB6-1A5630050DCD}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS1CB2\HPDiagnosticCoreUI.exe
FirewallRules: [{8EB3B9CF-8884-4114-8317-AA6785354AAC}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS1CB2\HPDiagnosticCoreUI.exe
FirewallRules: [{EE807A6E-7F12-46C2-8A53-0CCE2BE169CC}] => (Allow) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
FirewallRules: [{5D66E0F6-95D0-4576-9DA0-F1E7E66D417C}] => (Allow) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
FirewallRules: [{B7023848-71CE-4F9C-B5FB-C7134D5D72D4}] => (Allow) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
FirewallRules: [{9D37163E-B31D-4720-B2AA-636A3C253E47}] => (Allow) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
FirewallRules: [{C74E0952-59C8-4FE2-B01E-536FEE5C6D91}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{CC074C17-6376-4518-ACCB-1147F94AA1B5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{8FF4582A-66B5-4FC6-BCE2-D45DC950286E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B21127DD-90B9-4BAF-B8FB-C1B5847D50E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{03A3FF36-2D7E-486D-B043-0D433F0F971B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F971BFF-9A17-4FB4-9DCA-75C415DFA3BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D9EE5824-8AF9-4510-BFAC-423F7E431C77}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E4F95422-6789-4244-9212-1591906F9832}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C104E45D-5715-4787-874D-6BA2E1D90235}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [UDP Query User{1A6BFFC7-9D09-469C-963C-40F17EA815EF}C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{2055DDB2-7E76-446E-9AC5-AE0082833902}C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\martinha\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9197BA06-4DD0-472F-B495-0CB81058E4B0}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [TCP Query User{297F51E6-A343-4C1B-B55B-93A7AA444460}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [{0274A9C0-94FF-4533-9040-83B3A5BFE5E2}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{BBF56B60-8922-4DE1-BCE1-AC1310C43454}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{5AF66E65-A16D-41DE-8227-9CAAE2E85A57}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E971ADB0-484F-4B6F-9D93-1AA21F21204C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{27208934-0015-4403-8AF3-C1DC3E4F1D3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E1D42AE-23EC-44AD-B983-5D80C0398F45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C209A5F7-CF49-4842-A679-4F04E956B719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AEF56502-915F-40D8-8C06-8F1E7B742929}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E3780AE3-CD78-41EE-A7F9-97F47DEB08C1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2F1B4DF4-922F-48F8-A78C-AE06F22CEA79}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6A1C1605-5278-402F-916F-6F9BD7A57E0A}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{7B130657-70AC-435C-B898-9C246086C901}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{A3CAF720-D9BD-4BF7-AAF6-C075F072126E}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{1FD41DE8-3A9A-4E1B-B6F6-D3AFB4DC376F}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{2E91EC70-1915-422F-BE79-FF1EE7858605}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{BA2850C7-0F4F-4E1D-9F9D-ED45054766FB}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{75EF22F2-5904-4BDE-88F0-9C3F1E52BA90}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{5ECCF999-7175-48D9-A642-058C342547F2}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{56D59956-ED0E-4AA3-B9D4-D398A152FDD9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F4CE020A-4C80-4267-9D20-59F1D8FA21E8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{12FA5668-6F5F-4280-928C-AF3BEEC13C14}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A119A95C-0A6B-4997-8CFC-B7262C731E08}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A2341B34-E953-4251-970E-4A27AEA04975}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{55082E6C-6DB3-41D5-B25A-2F834781F6C5}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{48675F8F-7B7C-46CB-AB14-F55A5A7507E3}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{7927BF85-C501-4A2C-BBF9-B3A15BF89963}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS6690\HPDiagnosticCoreUI.exe
FirewallRules: [{9702A9ED-1D10-4968-B01D-783F8D0E1401}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS6690\HPDiagnosticCoreUI.exe
FirewallRules: [{1645A085-FA44-420A-A4D9-660EC9D985F7}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS66D4\HPDiagnosticCoreUI.exe
FirewallRules: [{69D5DCE6-FE06-422B-A262-A7BCE13D2A7D}] => (Allow) C:\Users\martinha\AppData\Local\Temp\7zS66D4\HPDiagnosticCoreUI.exe
FirewallRules: [{AFC4BFB6-1312-4714-9607-6A53D3869F84}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{85D062F0-8AA8-43AC-B9DC-F4968133064E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{55C3F113-9419-4BB8-8AE9-B0258BE47BF5}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{7A447C3C-D155-42A8-BB86-F7556065496E}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{90252D5F-5F98-4DB5-8C13-860FD906108A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BCDB17DF-9D6A-4C45-9E42-2062A58A7DA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{066735DA-2110-4D25-9F97-784AF1ECBA4D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7DB6FFAE-0564-4493-A346-D8134EE3D2FF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{78124E29-0D0C-4A4E-99CA-734C1CD3F304}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FF25888E-7318-43BD-8500-E32E4A62A575}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{034A56CD-AEAE-40DD-A252-C379CD467B30}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0BE02A14-3F9F-4A95-8CEA-40422C20FBF2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{338FAA0A-518B-49AD-B6C4-9B2A257D6B73}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{21AC9A90-10B4-400E-9EFF-29DE7E3A859D}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe
FirewallRules: [UDP Query User{779F8FBD-A572-4C19-AFC1-D927FA51E341}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe
FirewallRules: [{93604640-FA6E-4D1B-B2BE-C9E2B05B5D06}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{49B6C320-E182-46AA-8E53-4B16B73ACD93}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{444FFE63-99F4-4C72-90E4-130C0B8BB2F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CB62E4FF-3905-4B5A-B1C5-F4B97B0AC04C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9444189D-3B14-40FE-BFB5-729E063D828A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{070439DA-7497-43FB-8B0B-00379EADD4BB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{28890C94-FDED-4582-A086-F21ED9A4838E}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{9C122C60-6068-4E32-BB11-754182095B11}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

12-10-2016 00:12:47 Windows Update
13-10-2016 14:54:15 Installed iTunes
19-10-2016 12:03:37 Windows Update
21-10-2016 21:16:12 Installed Gigaset QuickSync.
22-10-2016 22:02:31 Removed Gigaset QuickSync.

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/25/2016 03:54:48 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 03:50:21 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 03:27:39 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 03:22:45 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 02:44:27 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 02:39:16 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 02:35:16 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 02:21:41 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 02:19:16 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (10/25/2016 02:06:22 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi16. Fehlerbeschreibung: (HRESULT : 0x80004005).


Systemfehler:
=============
Error: (10/25/2016 01:39:13 PM) (Source: DCOM) (EventID: 10010) (User: IT-CONSULT)
Description: Der Server "{889821A7-F3E9-4CB7-B2A0-08979395125B}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/25/2016 01:37:43 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT-AUTORITÄT)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, registrierungsbasierte Richtlinieneinstellungen für das Gruppenrichtlinienobjekt "LDAP://CN=Machine,cn={96303C8C-9F18-408F-A372-710471F7C067},cn=policies,cn=system,DC=IT-CONSULT,DC=NET" zu lesen. Die Gruppenrichtlinieneinstellungen dürfen nicht erzwungen werden, bis dieses Ereignis behoben ist. Weitere Informationen über den Dateinamen und -pfad, der den Fehler verursacht hat, können den Ereignisdetails entnommen werden.

Error: (10/25/2016 01:35:22 PM) (Source: DCOM) (EventID: 10010) (User: IT-CONSULT)
Description: Der Server "{889821A7-F3E9-4CB7-B2A0-08979395125B}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/25/2016 01:22:46 PM) (Source: DCOM) (EventID: 10010) (User: IT-CONSULT)
Description: Der Server "{889821A7-F3E9-4CB7-B2A0-08979395125B}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/25/2016 12:47:09 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (10/25/2016 12:47:08 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (10/25/2016 12:47:08 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (10/25/2016 12:47:08 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (10/25/2016 12:47:07 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (10/25/2016 12:47:07 PM) (Source: DCOM) (EventID: 10016) (User: IT-CONSULT)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "IT-CONSULT\martinha" (SID: S-1-5-21-1278887282-1552680147-1237208637-1224) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


CodeIntegrity:
===================================
  Date: 2016-10-25 12:59:57.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:59:57.804
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:59:57.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:57:54.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:57:54.943
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:41:33.164
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:41:33.159
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:41:33.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:41:31.072
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 12:41:31.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4550U CPU @ 1.50GHz
Prozentuale Nutzung des RAM: 44%
Installierter physikalischer RAM: 8092.86 MB
Verfügbarer physikalischer RAM: 4501.34 MB
Summe virtueller Speicher: 9372.86 MB
Verfügbarer virtueller Speicher: 5066.29 MB

==================== Laufwerke ================================

Drive c: (Windows8_OS) (Fixed) (Total:454.23 GB) (Free:288.78 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive z: (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 91ACF725)

Partition: GPT.

==================== Ende von Addition.txt ============================

Alt 25.10.2016, 15:30   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Downloadtrojaner Zonquadttax.exe - Standard

Downloadtrojaner Zonquadttax.exe


Zitat:
Windows 10 Enterprise
Das hast du bitte woher?
So eine Edition haben legal nur Großkunden

Außerdem seh ich da einiges anderes an Bürosoftware.

Das TB ist für privaten Support da. Nicht dafür, dass Großbuden ihre IT-Abteilung einsparen und sich bei PC-Problemen dann hier melden.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.10.2016, 15:52   #8
martinha
 
Downloadtrojaner Zonquadttax.exe - Standard

Downloadtrojaner Zonquadttax.exe


Warum denn so giftig "...dass Großbuden ihre IT-Abteilung einsparen und sich bei PC-Problemen dann...."

Es gibt eine einfache Erklärung: Ich bin seit 5 Jahren Rentner und mache für eine kleine 5 Mann Firma auf Minijob-Basis Buchhaltung mit meinem privaten PC. Von dieser Firma stammt auch die Software, die sind Microsoft Provider...

...aber nichts für ungut, es muß ja niemand helfen der es nicht will...

Alt 26.10.2016, 08:30   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Downloadtrojaner Zonquadttax.exe - Standard

Downloadtrojaner Zonquadttax.exe


Das hat nix mit giftig zu tun, sondern ist ne klare Ansage.

Wie gesagt, Enterprise Editionen sind extrem teuer. Ich glaube das so nicht, dass eine kleine 5 Mann Firma solche teuren Editionen kauft. Für so eine kleine Firma lohnt sich ja nichtmal wirklich ein lokales Active Directory.

Was bitte soll ein "Microsoft Provider" sein?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Downloadtrojaner Zonquadttax.exe
compu, danke, download, downloadtrojaner, firefox, gefunde, helft, malware / adware / spyware etc, malwarebytes, problem, ständige, suchlauf, veränderung


« PUP Elex, -.Ghokswa, -TXQQBrowser and more | msconfig eigenartige Dienste »


Ähnliche Themen: Downloadtrojaner Zonquadttax.exe


  1. Downloadtrojaner eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 26.05.2016 (16)
  2. Downloadtrojaner gefunden (Win32/Dofoil.R)
    Log-Analyse und Auswertung - 06.03.2013 (13)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Downloadtrojaner Zonquadttax.exe - Bei einem Suchlauf hat Malwarebytes u.a. Downloadtrojaner auf C:\ProgrammData\focel\Zonquadttax.exe gefunden. Daneben habe ich das Problem einer ständigen Veränderung meiner Firefox Startseite. Bitte helft einem 68-jährigen Computer-Halbwissendem. DANKE !!! - Downloadtrojaner Zonquadttax.exe...
Archiv
Du betrachtest: Downloadtrojaner Zonquadttax.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130