AdwCleaner findet 2 Treffer, lassen sich nicht löschen Code:
Alles auswählen Aufklappen ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von M (Administrator) auf NOTEBOOK (18-03-2017 00:20:12)
Gestartet von C:\Users\M\Desktop
Geladene Profile: M (Verfügbare Profile: M)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\notepad2\notepad2.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\AppService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-09] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [517536 2014-04-07] (TOSHIBA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [AnyMP4 Free iPhone Data RecoveryAppService] => C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\AppService.exe [88128 2016-10-28] ()
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{01A3239A-66E6-4A37-95D3-D88991033A6A}: [DhcpNameServer] 192.168.1.251 8.8.8.8
Tcpip\..\Interfaces\{76A32D41-DACA-45F5-872C-C9D20FEE27CB}: [DhcpNameServer] 192.168.2.1
ManualProxies:
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-04] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-04] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\M\AppData\Roaming\Mozilla\Firefox\Profiles\9079h1at.default-1481549202673 [2017-03-18]
FF Extension: (Adblock Plus) - C:\Users\M\AppData\Roaming\Mozilla\Firefox\Profiles\9079h1at.default-1481549202673\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-12]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-09-19] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-235318688-4269726762-198329688-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2017-02-15]
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\M\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-16] <==== ACHTUNG
CHR Extension: (Google Präsentationen) - C:\Users\M\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-23]
CHR Extension: (Google Docs) - C:\Users\M\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-23]
CHR Extension: (Google Drive) - C:\Users\M\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-23]
CHR Extension: (YouTube) - C:\Users\M\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-23]
CHR Extension: (Google Tabellen) - C:\Users\M\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-23]
CHR Extension: (Google Docs Offline) - C:\Users\M\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\M\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-23]
CHR Extension: (Google Mail) - C:\Users\M\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-23]
CHR Extension: (Chrome Media Router) - C:\Users\M\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-23]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2014-07-12] (Alps Electric Co., Ltd.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-06-11] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-30] ()
R2 Ntp2NetSvc; C:\Program Files (x86)\notepad2\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert]
S2 Ntp2UpSvc; C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert]
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (© pdfforge GmbH.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-12-24] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe [437392 2016-10-10] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for iOS\DriverInstall.exe [97792 2016-11-30] (Wondershare) [Datei ist nicht signiert]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-30] (Intel® Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [191944 2014-05-09] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [27136 2014-03-24] (Windows (R) Win 7 DDK provider)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-18 00:20 - 2017-03-18 00:21 - 00018541 _____ C:\Users\M\Desktop\FRST.txt
2017-03-18 00:20 - 2017-03-18 00:20 - 00000000 ____D C:\FRST
2017-03-18 00:19 - 2017-03-18 00:19 - 04747704 _____ (AO Kaspersky Lab) C:\Users\M\Desktop\tdsskiller.exe
2017-03-18 00:19 - 2017-03-18 00:19 - 02424832 _____ (Farbar) C:\Users\M\Desktop\FRST64.exe
2017-03-16 22:53 - 2017-03-17 20:06 - 00000000 ____D C:\Users\M\Desktop\Hausarbeit
2017-03-15 12:32 - 2017-03-15 12:32 - 00001237 _____ C:\Users\M\Desktop\Google Chrome.lnk
2017-03-15 12:09 - 2017-02-23 15:50 - 00093360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 12:09 - 2017-02-22 15:35 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 12:09 - 2017-02-22 15:35 - 01286144 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 12:09 - 2017-02-22 15:35 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 12:09 - 2017-02-22 15:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 12:09 - 2017-02-22 15:35 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 12:09 - 2017-02-22 15:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 12:09 - 2017-02-22 15:35 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 12:09 - 2017-02-22 15:35 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-15 12:09 - 2016-06-03 18:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-03-15 10:52 - 2017-03-04 09:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 10:52 - 2017-03-04 08:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 10:52 - 2017-03-04 08:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 10:52 - 2017-03-04 08:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 10:52 - 2017-03-04 08:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 10:52 - 2017-03-04 08:05 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 10:52 - 2017-03-04 07:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 10:52 - 2017-03-04 07:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 10:52 - 2017-03-04 07:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 10:52 - 2017-03-04 07:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 10:52 - 2017-03-04 05:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 10:52 - 2017-03-02 19:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 10:52 - 2017-03-02 18:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 10:52 - 2017-03-02 18:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 10:52 - 2017-03-02 18:25 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 10:52 - 2017-03-02 18:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 10:52 - 2017-03-02 18:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 10:52 - 2017-03-02 18:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 10:52 - 2017-03-02 17:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 10:52 - 2017-03-02 17:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 10:52 - 2017-02-11 06:12 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 10:52 - 2017-02-11 06:12 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-03-15 10:52 - 2017-02-11 06:00 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 10:52 - 2017-02-11 05:58 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 10:52 - 2017-02-11 05:56 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 10:52 - 2017-02-10 20:09 - 04169728 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 10:52 - 2017-02-10 06:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 10:52 - 2017-02-10 06:09 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-03-15 10:52 - 2017-02-10 06:08 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 10:52 - 2017-02-10 06:01 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 10:52 - 2017-02-10 06:00 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 10:52 - 2017-02-10 05:59 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 10:52 - 2017-02-04 21:32 - 07444832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 10:51 - 2017-03-04 08:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 10:51 - 2017-03-04 07:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 10:51 - 2017-03-02 17:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 10:51 - 2017-02-11 20:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 10:51 - 2017-02-10 06:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 10:51 - 2017-02-10 02:31 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-03-15 10:51 - 2017-02-10 01:12 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 10:51 - 2017-02-09 16:28 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 10:51 - 2017-02-09 16:19 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 10:51 - 2017-02-09 16:16 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 10:51 - 2017-02-09 16:16 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 10:51 - 2017-02-09 15:59 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-03-15 10:51 - 2017-02-09 15:58 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-03-15 10:51 - 2017-02-09 15:58 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-03-15 10:51 - 2017-02-04 21:30 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 10:51 - 2017-02-04 21:30 - 01523216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-03-15 10:51 - 2017-02-04 21:30 - 01490128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 10:51 - 2017-02-04 21:30 - 01358960 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-03-15 10:51 - 2017-02-04 20:32 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2017-03-15 10:51 - 2017-02-04 20:30 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 10:51 - 2017-02-04 19:14 - 01001472 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 10:51 - 2017-02-04 18:50 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 10:51 - 2017-02-04 18:40 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-03-15 10:51 - 2017-02-04 18:32 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 10:51 - 2017-02-04 18:17 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 10:51 - 2017-02-04 18:10 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-03-15 10:51 - 2017-02-04 18:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 10:51 - 2017-01-21 22:37 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-03-15 10:51 - 2017-01-21 20:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 10:51 - 2017-01-21 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 10:51 - 2017-01-21 20:22 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 10:51 - 2017-01-21 20:20 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 10:51 - 2017-01-21 19:40 - 00756736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 10:51 - 2017-01-21 19:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 10:51 - 2017-01-21 19:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 10:51 - 2017-01-21 18:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 10:51 - 2017-01-21 18:48 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 10:51 - 2017-01-14 18:49 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2017-03-15 10:51 - 2017-01-11 20:37 - 02345984 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 10:51 - 2017-01-10 20:08 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 10:51 - 2017-01-05 19:20 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 10:51 - 2017-01-05 19:09 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-03-15 10:51 - 2017-01-05 18:36 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 10:51 - 2017-01-05 18:29 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-03-15 10:51 - 2017-01-05 18:13 - 07796224 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-03-15 10:51 - 2017-01-05 17:57 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-03-15 10:51 - 2016-11-09 20:22 - 00681472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-06 14:40 - 2017-03-06 14:52 - 00000000 ____D C:\Users\M\Desktop\fotos
2017-03-05 12:21 - 2017-03-05 12:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-05 12:21 - 2017-03-05 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-04 21:04 - 2017-03-04 22:20 - 00000000 ____D C:\Users\M\Desktop\bekaert meister
2017-03-01 21:41 - 2017-03-01 21:41 - 04031440 _____ C:\Users\M\Desktop\adwcleaner_6.044.exe
2017-03-01 21:40 - 2017-03-17 15:35 - 00000000 ____D C:\AdwCleaner
2017-03-01 21:40 - 2017-03-01 21:40 - 00000000 _____ C:\Program Files (x86)\metadata
2017-03-01 21:39 - 2017-03-01 21:39 - 01663736 _____ (Malwarebytes) C:\Users\M\Desktop\JRT.exe
2017-03-01 21:00 - 2017-03-01 21:00 - 00001480 _____ C:\mbam4.txt
2017-03-01 21:00 - 2017-03-01 21:00 - 00001416 _____ C:\mbam3.txt
2017-03-01 20:59 - 2017-03-01 20:59 - 00001686 _____ C:\mbam2.txt
2017-02-28 21:58 - 2017-03-01 19:24 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-28 21:58 - 2017-03-01 19:24 - 00001164 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-16 12:20 - 2017-02-16 12:20 - 00000000 ____D C:\Users\M\AppData\Local\DOSBox
2017-02-16 12:14 - 2017-02-16 12:14 - 00000000 ____D C:\Program Files (x86)\notepad2
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-17 23:00 - 2014-05-06 05:41 - 00765582 _____ C:\Windows\system32\perfh007.dat
2017-03-17 23:00 - 2014-05-06 05:41 - 00159366 _____ C:\Windows\system32\perfc007.dat
2017-03-17 23:00 - 2014-03-18 10:47 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-17 23:00 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-03-17 15:34 - 2016-11-18 12:07 - 00000000 ____D C:\Users\M\AppData\LocalLow\Mozilla
2017-03-17 15:32 - 2015-02-23 20:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-17 15:32 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-17 14:45 - 2016-11-18 00:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-17 14:45 - 2015-02-23 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-17 13:57 - 2015-12-08 21:49 - 00000000 ____D C:\Users\M\Desktop\Vertrag
2017-03-17 01:18 - 2016-01-30 19:54 - 00006309 _____ C:\Users\M\Desktop\aktuellste erledigungen.odt
2017-03-16 15:16 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2017-03-16 11:19 - 2015-02-26 23:45 - 00000000 ____D C:\Windows\system32\MRT
2017-03-16 02:24 - 2015-02-25 00:55 - 00000000 ____D C:\Users\M\AppData\Roaming\Skype
2017-03-16 01:14 - 2014-09-02 02:00 - 00000000 ____D C:\ProgramData\Skype
2017-03-16 00:40 - 2013-08-22 15:44 - 00372760 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-16 00:37 - 2016-02-18 21:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-16 00:37 - 2016-02-18 21:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-15 19:52 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-03-15 19:48 - 2015-04-18 02:29 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 14:28 - 2015-02-23 19:36 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-235318688-4269726762-198329688-1001
2017-03-15 12:35 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-15 12:35 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2017-03-15 12:35 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2017-03-15 12:32 - 2015-02-23 19:29 - 00001065 _____ C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-15 12:30 - 2015-02-26 23:45 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-15 12:29 - 2016-02-18 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-15 10:32 - 2015-04-12 18:56 - 00045568 _____ C:\Users\M\Desktop\konzertarchiv.xls
2017-03-15 10:31 - 2017-02-09 19:55 - 00000000 ____D C:\Users\M\Desktop\Praktikum
2017-03-15 01:13 - 2015-02-23 19:29 - 00000000 ____D C:\Users\M\AppData\Local\Packages
2017-03-14 15:12 - 2015-03-20 16:02 - 00004342 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 15:12 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-14 15:12 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-14 12:20 - 2016-07-20 09:22 - 00000000 ____D C:\Users\M\Desktop\RAM
2017-03-10 05:34 - 2016-12-15 10:43 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-10 05:34 - 2016-12-15 10:43 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-08 18:15 - 2016-04-12 20:36 - 00000000 ____D C:\Users\M\Knuddels-Stapp
2017-03-05 12:21 - 2014-09-02 02:00 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-05 12:21 - 2014-09-02 01:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-01 19:24 - 2017-01-18 22:16 - 00001632 _____ C:\Users\Public\Desktop\AnyMP4 Free iPhone Data Recovery.lnk
2017-03-01 19:24 - 2016-12-15 23:21 - 00001770 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-01 19:24 - 2016-12-13 17:04 - 00001328 _____ C:\Users\Public\Desktop\Wondershare Dr.Fone für iOS.lnk
2017-03-01 19:24 - 2016-10-07 11:08 - 00002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-01 19:24 - 2016-09-19 23:21 - 00000861 _____ C:\Users\Public\Desktop\PDF Architect 4.lnk
2017-03-01 19:24 - 2016-09-19 23:17 - 00000897 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2017-03-01 19:24 - 2016-04-23 16:50 - 00002317 _____ C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-03-01 19:24 - 2016-04-12 20:37 - 00002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Knuddels.lnk
2017-03-01 19:24 - 2016-04-12 20:37 - 00002095 _____ C:\Users\M\Desktop\Knuddels.lnk
2017-03-01 19:24 - 2016-01-21 00:38 - 00002126 _____ C:\Users\M\Desktop\The Last Express Spielen (MS-DOS).lnk
2017-03-01 19:24 - 2016-01-21 00:38 - 00001181 _____ C:\Users\M\Desktop\The Last Express Spielen.lnk
2017-03-01 19:24 - 2015-11-27 00:21 - 00001083 _____ C:\Users\Public\Desktop\PDF-Viewer.lnk
2017-03-01 19:24 - 2015-10-14 18:45 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-01 19:24 - 2015-08-07 20:41 - 00000980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinAce Archiver.lnk
2017-03-01 19:24 - 2015-08-07 20:41 - 00000968 _____ C:\Users\Public\Desktop\WinAce Archiver.lnk
2017-03-01 19:24 - 2015-05-02 23:30 - 00000295 _____ C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2017-03-01 19:24 - 2015-04-22 17:56 - 00000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-03-01 19:24 - 2015-04-22 17:46 - 00001553 _____ C:\Users\Public\Desktop\Free Image Convert and Resize.lnk
2017-03-01 19:24 - 2015-02-23 20:24 - 00001119 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2017-03-01 19:24 - 2015-02-23 19:28 - 00000469 _____ C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-03-01 19:24 - 2015-02-23 19:28 - 00000467 _____ C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-03-01 19:24 - 2014-09-02 02:08 - 00002051 _____ C:\Users\Public\Desktop\Manual.lnk
2017-03-01 19:24 - 2014-09-02 02:03 - 00002012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symbaloo.lnk
2017-03-01 19:24 - 2014-09-02 02:00 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2017-03-01 19:24 - 2014-09-02 02:00 - 00002290 _____ C:\Users\Public\Desktop\WinZip.lnk
2017-03-01 19:24 - 2014-09-02 01:50 - 00000456 _____ C:\Users\Public\Desktop\TOSHIBA Services.lnk
2017-03-01 19:24 - 2014-07-03 23:19 - 00001958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-03-01 19:24 - 2014-07-03 23:19 - 00001940 _____ C:\Users\Public\Desktop\Spotify.lnk
2017-03-01 19:04 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-01 19:02 - 2015-02-25 00:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-28 21:27 - 2015-07-28 11:38 - 00001761 _____ C:\DelFix.txt
2017-02-28 18:37 - 2016-12-14 11:51 - 00003164 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-28 18:37 - 2015-02-25 00:23 - 00003172 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-235318688-4269726762-198329688-1001
2017-02-23 01:49 - 2013-08-22 15:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-02-21 15:18 - 2016-01-06 00:24 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-21 12:49 - 2015-02-23 19:31 - 00000000 ____D C:\Users\M\AppData\Local\Google
2017-02-21 12:33 - 2017-02-15 23:27 - 00000008 __RSH C:\Users\M\ntuser.pol
2017-02-21 12:33 - 2017-02-15 22:17 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-21 12:33 - 2015-02-23 19:28 - 00000000 ____D C:\Users\M
2017-02-20 01:05 - 2017-02-06 12:48 - 00000000 ____D C:\Users\M\Desktop\shm neu
2017-02-16 11:08 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\L2Schemas
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2017-03-01 21:40 - 2017-03-01 21:40 - 0000000 _____ () C:\Program Files (x86)\metadata
2015-04-22 18:20 - 2015-04-22 18:20 - 0002533 _____ () C:\Users\M\AppData\Local\recently-used.xbel
2014-09-02 01:22 - 2014-09-02 01:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Einige Dateien in TEMP:
====================
2017-03-16 01:14 - 2017-03-16 01:14 - 14456872 _____ (Microsoft Corporation) C:\Users\M\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-03-08 19:29
==================== Ende von FRST.txt ============================
Code:
Alles auswählen Aufklappen ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von M (18-03-2017 00:21:49)
Gestartet von C:\Users\M\Desktop
Windows 8.1 (Update) (X64) (2015-02-23 18:28:35)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-235318688-4269726762-198329688-500 - Administrator - Disabled)
Gast (S-1-5-21-235318688-4269726762-198329688-501 - Limited - Disabled)
M (S-1-5-21-235318688-4269726762-198329688-1001 - Administrator - Enabled) => C:\Users\M
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.106.303.109 - ALPS ELECTRIC CO., LTD.)
AnyMP4 Free iPhone Data Recovery 7.3.28 (HKLM-x32\...\{2F81F350-B3A3-4f2a-A670-5BC3358AC1F6}_is1) (Version: 7.3.28 - AnyMP4 Studio)
Apple Application Support (32-Bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
DTS Sound (HKLM-x32\...\{1A938032-98EE-4C0F-9EAB-B3B5B64E28F8}) (Version: 1.01.8500 - DTS, Inc.)
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Free Image Convert and Resize version 2.1.31.415 (HKLM-x32\...\Free Image Convert and Resize_is1) (Version: 2.1.31.415 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{001A29E3-D8DD-46C0-A7F9-B33E3DFA9338}) (Version: 17.0.1419.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Knuddels Standalone App (HKU\S-1-5-21-235318688-4269726762-198329688-1001\...\Knuddels App ) (Version: "2015.12.6.0" - "Knuddels App")
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (x32 Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4903.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-235318688-4269726762-198329688-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 de)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.2 - pdfforge GmbH)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.315.0 - Tracker Software Products Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39058 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7285 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SecureW2 EAP Suite 1.1.3 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
The Last Express (HKLM-x32\...\The Last Express) (Version: 1.0 - DotEmu)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.06.6403 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B9A67DC9-EAD3-4B87-B733-F2BA28F0D68E}) (Version: 1.2.4.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.2.6401 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM\...\{CD4B9E2C-4295-4920-82F2-C87113822E32}) (Version: 3.03.04.02 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{A0D34C74-70AC-45E4-9735-A11DA95A5810}) (Version: 4.00.00.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.01.56006006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{0DFA8761-7735-4DE8-A0EB-2286578DCFC6}) (Version: 2.6.14 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{E3FCDCBE-0A13-4F73-95C1-000A51CF1C8C}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.05.6401 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0036 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.5.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.1 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 6.2.4.5 - Toshiba Corporation)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.1.1739 - 1&1 Mail & Media GmbH)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Wondershare Dr.Fone für iOS(Build 7.6.3.3) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 7.6.3.3 - Wondershare Software Co.,Ltd.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-235318688-4269726762-198329688-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\M\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1963AB86-3CCF-4921-A86E-0C95FDFC2C41} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: {209B473A-B232-4ADE-A7B9-D3A062794DEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation)
Task: {23A4E842-AE98-4C0B-8BD2-7BAF8F38E306} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {244CF0E9-1DC6-4B7D-A2DC-0EE33652C114} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2014-06-04] ()
Task: {474488AF-0A50-4378-B8CC-355200CAEF43} - System32\Tasks\{19F6666D-E5AA-4781-BD88-047860B4F25B} => pcalua.exe -a C:\Windows\76d5fa8fd3020718f7133f7301d20d13.exe
Task: {4F2206ED-6C81-45EC-99C7-C8D654E24A86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {AE0AB1BD-14CC-4495-B555-DF2F6C20A8EB} - System32\Tasks\{CA17C8C7-3267-4637-8D2D-7ABA72B5B2D0} => pcalua.exe -a "C:\Program Files (x86)\Ex1iV4c7ul\uninstall.exe"
Task: {C278E144-B7D0-4012-99F0-1BF832EA664D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-12-24] (Toshiba Europe GmbH)
Task: {D805C9A9-EB28-4146-A7A8-3C909DF50B9E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation)
Task: {F6BD4D82-50B1-4C1C-857B-D6982B174360} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {F71F83E2-0465-4B27-93E1-6245D356AB57} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F72DE3DC-C245-4A38-82A3-4AC879811071} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\M\Desktop\The Last Express Spielen (MS-DOS).lnk -> C:\Program Files (x86)\DotEmu\The Last Express\LastExpress.bat ()
Shortcut: C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DotEmu\The Last Express\The Last Express Spielen (MS-DOS).lnk -> C:\Program Files (x86)\DotEmu\The Last Express\LastExpress.bat ()
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-07-15 09:17 - 2015-07-15 09:17 - 00022528 _____ () C:\Windows\System32\ssz2clm.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-25 00:17 - 2017-01-17 03:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2017-01-18 22:16 - 2016-10-28 01:56 - 00088128 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\AppService.exe
2014-06-11 23:06 - 2014-06-11 23:06 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-12-19 09:12 - 2016-12-19 09:12 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\ea494708300f305a0bfdb9484f99e357\Windows.UI.ni.dll
2016-12-19 09:12 - 2016-12-19 09:12 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\f68d203e69c1916668d932e1718f7b08\Windows.Data.ni.dll
2013-08-22 08:19 - 2013-08-22 07:54 - 00030208 _____ () C:\Windows\system32\WinMetadata\Windows.Foundation.winmd
2017-01-18 22:16 - 2015-11-16 10:10 - 00887808 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\Framework.dll
2017-01-18 22:16 - 2015-11-24 06:18 - 00013824 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\Utility.dll
2017-01-18 22:16 - 2015-06-24 05:53 - 02825216 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\IosDevice.dll
2017-01-18 22:16 - 2011-03-24 08:42 - 00334848 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\QtXml4.dll
2017-01-18 22:16 - 2011-03-24 08:56 - 07981056 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\QtGui4.dll
2017-01-18 22:16 - 2011-03-24 08:43 - 00934912 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\QtNetwork4.dll
2017-01-18 22:16 - 2011-03-24 08:42 - 02145792 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\QtCore4.dll
2017-01-18 22:16 - 2011-03-24 10:25 - 09843200 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\QtWebKit4.dll
2017-01-18 22:16 - 2015-11-24 06:18 - 00987136 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\libxml2.dll
2017-01-18 22:16 - 2011-03-24 09:06 - 00232960 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\phonon4.dll
2017-01-18 22:16 - 2011-03-24 09:06 - 02530816 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\QtXmlPatterns4.dll
2017-01-18 22:16 - 2015-11-24 06:18 - 00077824 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\zlib1.dll
2017-01-18 22:16 - 2015-11-24 06:18 - 00562072 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\SQLite3.dll
2017-01-18 22:16 - 2011-03-24 10:37 - 00025600 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\imageformats\qgif4.dll
2017-01-18 22:16 - 2011-03-24 10:37 - 00027648 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\imageformats\qico4.dll
2017-01-18 22:16 - 2011-03-24 10:37 - 00119808 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\imageformats\qjpeg4.dll
2017-01-18 22:16 - 2011-03-24 10:37 - 00220672 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\imageformats\qmng4.dll
2017-01-18 22:16 - 2011-03-24 10:37 - 00278528 _____ () C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\imageformats\qtiff4.dll
2014-09-02 01:17 - 2013-12-09 23:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-235318688-4269726762-198329688-1001\...\amazon.de -> hxxps://amazon.de
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-235318688-4269726762-198329688-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Toshiba\standard.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1AE20044-6F71-4787-B4F7-22D2C65F91D0}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{587D8541-F16D-4387-BC22-3B5001E958EF}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{0438D64D-1EE6-4219-A1E4-8F23A895627E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8890D3FA-A9D8-418A-9429-63F487CD7DF1}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8F2A2D7E-8CB0-489A-92AC-EBCFF33CBFDE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{8D0F9C4D-6C8D-4EA3-8EDD-594A919DFA18}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0C6E0F95-E835-403C-B85B-D7F1D88E6194}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A83F76AC-1574-4364-97CD-9DCF891C23FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D1CBE926-0360-4C39-A7BB-D7F3FFEF0D99}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{63B0833A-DF61-4913-87D2-5C518357417B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{65FDEC65-2BDE-4249-B1D1-F927B1E55532}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08FB6F16-DF51-457A-A5EA-B762C5D23C91}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2C016DCA-D3CC-4EBB-A4A3-A8547F02E607}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{17E3355E-11F7-43C5-886E-44E3F2A9B8E8}] => (Allow) C:\Users\M\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{1FEFDD73-2C91-4B7C-A0EC-2472218F259B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E4FB2BCE-031B-4943-8C30-6DB4D30FD37D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{44DD637B-C478-4539-A783-31CD086B1199}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{728FCBDC-657D-4F11-A114-C8ECC059149E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{C30C1B93-724C-4AB5-B803-72BED103BD9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7FFBF84E-F820-43AA-9347-B25F5F562295}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A9375983-A0F8-43DE-B79F-B104D561C7A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D622E66C-CBA9-4E2A-BDEF-C410CC75B8B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A818F6FA-BACB-4911-AB9C-4D6AFF1250BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED96F61E-CD4A-483B-83C3-59AA512122E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D656335D-447D-4874-93DE-B2ACBF23C34B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{60542E9D-B3C4-46E5-8CBD-E17C468DF3A7}] => (Allow) C:\Users\M\AppData\Local\LINE\bin\4.11.2.1298\LINE.exe
FirewallRules: [{3FFFBBF9-E5FB-4320-8C3B-DE58D40E45C2}] => (Allow) C:\Users\M\AppData\Local\LINE\bin\4.11.2.1298\LINE.exe
FirewallRules: [{27CD1FC5-585B-4694-ACFB-6370F2BF1FD7}] => (Allow) C:\Users\M\AppData\Local\LINE\bin\4.11.2.1298\LineUpdater.exe
FirewallRules: [{8DE37CC8-203E-4E72-A244-0E8B451E59F4}] => (Allow) C:\Users\M\AppData\Local\LINE\bin\4.11.2.1298\LineUpdater.exe
FirewallRules: [{3F176F4F-A34E-4F02-9B48-7E47BE659802}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2ADFB605-0A1A-40C6-9613-A99910E000DC}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{9E6CDF58-2665-4413-B1E4-7AE1768C4931}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{0CC126A6-6EA2-4B9E-80D4-DBA156A276A3}] => (Allow) C:\Program Files (x86)\Standuck\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
01-03-2017 23:24:47 JRT Pre-Junkware Removal
06-03-2017 00:47:50 JRT Pre-Junkware Removal
13-03-2017 08:27:47 JRT Pre-Junkware Removal
14-03-2017 00:31:35 JRT Pre-Junkware Removal
15-03-2017 10:59:09 JRT Pre-Junkware Removal
16-03-2017 11:22:17 JRT Pre-Junkware Removal
17-03-2017 14:47:50 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: TOSHIBA Web Camera - HD
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (03/17/2017 10:58:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203
Error: (03/17/2017 10:58:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203
Error: (03/17/2017 10:25:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/17/2017 01:19:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9047
Error: (03/17/2017 01:19:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9047
Error: (03/17/2017 01:19:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/16/2017 10:14:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x54504134
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00000000000815f8
ID des fehlerhaften Prozesses: 0x14b0
Startzeit der fehlerhaften Anwendung: 0x01d29e9a4dd337ba
Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 8c203b36-0a8d-11e7-82ce-303a64aa1620
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (03/15/2017 01:29:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8438
Error: (03/15/2017 01:29:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8438
Error: (03/15/2017 01:29:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Systemfehler:
=============
Error: (03/17/2017 03:31:51 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI4
Error: (03/17/2017 03:31:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\System32\IWMSSvc.dll
Error: (03/17/2017 03:31:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\System32\IWMSSvc.dll
Error: (03/17/2017 03:31:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\System32\IWMSSvc.dll
Error: (03/17/2017 03:30:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TPCH Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/17/2017 03:30:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect 4 Creator" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/17/2017 03:30:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/17/2017 03:30:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TMachInfo" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/17/2017 03:30:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DTS APO Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/17/2017 03:30:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Prozentuale Nutzung des RAM: 52%
Installierter physikalischer RAM: 4013.33 MB
Verfügbarer physikalischer RAM: 1921.48 MB
Summe virtueller Speicher: 5037.33 MB
Verfügbarer virtueller Speicher: 2350.83 MB
==================== Laufwerke ================================
Drive c: (TI31360000B) (Fixed) (Total:454.94 GB) (Free:395.73 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================
18.03.2017, 00:35
Baum-Darstellung