| |
| |||||||
Log-Analyse und Auswertung: Email Anhang(Zip-Datei) geöffnetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.03.2017, 01:55
| #1 |
 |  Email Anhang(Zip-Datei) geöffnet Hallo, ich habe eine Phishing Mail von Online Pay AG erhalten. Ich habe leider überstürzt gehandelt, den Anhang heruntergeladen und geöffnet. Es war eine Zip Datei. Diese hat eine weiter Zip Datei beinhaltet, aber soweit ich mich erinnern kann keine exe Datei. Ich habe jetzt schon ein paar kostenlose Antivirus Programme durchlaufen lassen. Die haben bisher nichts angezeigt. Ich würde gerne noch meine Logdatein von euch durschauen lassen. Ich habe schon mit HijackThis ein Logfile erstellt und hier https://www.hijackthis.de/ eingetragen. Leider finde ich die Logfile nicht mehr. Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Sergio (19-03-2017 01:44:38)
Gestartet von E:\Internet Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-29 19:16:19)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1478414814-3749218601-3539646535-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1478414814-3749218601-3539646535-503 - Limited - Disabled)
Gast (S-1-5-21-1478414814-3749218601-3539646535-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1478414814-3749218601-3539646535-1003 - Limited - Enabled)
postgres (S-1-5-21-1478414814-3749218601-3539646535-1007 - Limited - Enabled) => C:\Users\postgres
Sergio (S-1-5-21-1478414814-3749218601-3539646535-1001 - Administrator - Enabled) => C:\Users\Sergio
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
adaware antivirus (HKLM\...\{BECD7155-DC57-4F89-B1A8-A90B033C6209}_AdAwareUpdater) (Version: 12.0.649.11190 - adaware)
AdAwareInstaller (Version: 12.0.649.11190 - adaware) Hidden
AdAwareUpdater (Version: 12.0.649.11190 - adaware) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.144.0 - adaware) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo WinOptimizer 2017 (HKLM-x32\...\{4209F371-6CE9-533C-2CDC-94E053273B35}_is1) (Version: 14.00.04 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{DD84AFA7-867C-428A-8FA4-59A98AB60A1F}) (Version: 2.7.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft)
Dragon Ball Xenoverse 2 Digitale Deluxe Edition MULTi9 1.0 (HKLM-x32\...\Dragon Ball Xenoverse 2 Digitale Deluxe Edition MULTi9 1.0) (Version: - )
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
f.lux (HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\Flux) (Version: - )
FocalFilter (HKLM-x32\...\{78156F61-016D-402A-9EF9-C2AA253DB22A}) (Version: 0.9.00 - FocalFilter)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.177.0 - International GeoGebra Institute)
Google Chrome (HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JetBrains PyCharm Community Edition 2016.3.2 (HKLM-x32\...\PyCharm Community Edition 2016.3.2) (Version: 163.10154.50 - JetBrains s.r.o.)
Maltego CE 4.0.11 (HKLM-x32\...\MaltegoCE 4.0.11) (Version: 4.0.11 - Paterva)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 de)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Oracle VM VirtualBox 5.1.14 (HKLM\...\{6AE61854-0F78-49E3-ABCC-586FB43CE709}) (Version: 5.1.14 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Python 3.6.0 (64-bit) (HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\{37a4e38b-baf7-4500-97f1-0f7c51d9a395}) (Version: 3.6.150.0 - Python Software Foundation)
Python 3.6.0 Core Interpreter (64-bit) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (64-bit) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (64-bit) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (64-bit) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (64-bit) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (64-bit) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (64-bit) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (64-bit) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (64-bit) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A674B2CB-13CA-437B-A215-9DD257959A49}) (Version: 3.6.5835.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Sandboxie 5.16 (64-bit) (HKLM\...\Sandboxie) (Version: 5.16 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Soda PDF Desktop Asian Fonts Pack (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Convert Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Create Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Edit Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Forms Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Insert Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop OCR Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Review Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Secure Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop View Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
South Park Der Stab der Wahrheit Incl. Ultimate Fellowship Pack MULTI-2 1.00 (HKLM-x32\...\South Park Der Stab der Wahrheit Incl. Ultimate Fellowship Pack MULTI-2 1.00) (Version: - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\Spotify) (Version: 1.0.50.41368.gbd68dbef - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Tenable Nessus (x64) (HKLM\...\{BD1A3F84-26A0-4B77-9441-A25A9456D05D}) (Version: 6.10.2.20085 - Tenable Network Security, Inc.)
The Elder Scrolls V Skyrim Total Conversion Enderal Edition 1.0.0.9 (HKLM-x32\...\The Elder Scrolls V Skyrim Total Conversion Enderal Edition 1.0.0.9) (Version: - )
The Swapper (HKLM\...\Steam App 231160) (Version: - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
The Talos Principle MULTi12 244371 (HKLM-x32\...\The Talos Principle MULTi12 244371) (Version: - )
The Witness MULTi2 1.0 (HKLM-x32\...\The Witness MULTi2 1.0) (Version: - )
The Witness Update 3 MULTi2 1.0 (HKLM-x32\...\The Witness Update 3 MULTi2 1.0) (Version: - )
Transmissions: Element 120 (HKLM\...\Steam App 365300) (Version: - Shokunin)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version: - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.7 - VMware, Inc)
VMware Player (Version: 6.0.7 - VMware, Inc.) Hidden
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wise Registry Cleaner 9.41 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 9.41 - WiseCleaner.com, Inc.)
XMind 7 (Update 1) (v3.6.1) (HKLM-x32\...\XMind_is1) (Version: 3.6.1.201512240104 - XMind Ltd.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1478414814-3749218601-3539646535-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Sergio\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1478414814-3749218601-3539646535-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sergio\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {05866645-3760-4F4E-BC6C-3BBDEDFB310F} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-02-26] (Advanced Micro Devices, Inc.)
Task: {05C0574D-989C-4495-8DE8-D6246D77AF3C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {12154CA5-8F42-4B2F-A33E-3A02C98490B3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1BFBFA70-D3C6-4DB6-A3D3-6A34F0996C8F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1478414814-3749218601-3539646535-1001Core => C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {1CF529C5-D29F-43AE-92FD-82A50EC964BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1478414814-3749218601-3539646535-1001Core1d2597b6c57f2c5 => C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {2AA358D6-9F4F-48E9-916F-1A0EDC6BE390} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {30F3058C-0415-4F77-84D4-B602143DF305} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {377CB5EC-1FF1-4320-9889-A0AB77542A9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-18] (Adobe Systems Incorporated)
Task: {3D20A507-D104-4CED-89A4-AF8E3F5AAC5C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {41AE71CD-3633-4445-9DD8-8E56D5BB7919} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-18] (AVAST Software)
Task: {43B97978-A6E7-44F8-B307-9CD98822E46C} - System32\Tasks\{B009C1D4-4FB9-4DE4-AEC7-12D4889EE128} => pcalua.exe -a "F:\Life Is Strange\Binaries\Win32\LifeIsStrange.exe" -d "F:\Life Is Strange\Binaries\Win32"
Task: {4828E74B-9E89-46CC-9738-CB90DB87849F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {4A698CF9-7317-4812-B893-2ED3C387B5BE} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2017-02-24] (WiseCleaner.com)
Task: {4ACAD694-0240-4765-BA30-2BC16F8E9EB3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {4E5192E3-4E39-4011-A759-A7FC60E97131} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {56BD91C2-7935-449E-9A59-5C3704317F6F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {57033CC7-D3A0-4EAD-A992-F3900D9707E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {5BC97B11-E50F-4910-B8EA-B069DA4F7BBE} - System32\Tasks\SafeZone scheduled Autoupdate 1489876984 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {6324C092-090C-47D8-9DC5-45B732284B97} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {75AAB113-5325-48D5-B655-732CC5E749E4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {7996838F-3C7C-4E99-88CF-527934FEDA39} - System32\Tasks\Auto Re-Aktivierung => C:\WINDOWS\Re-Aktivierung\TriggerKMS.exe [2013-01-23] ()
Task: {838F70AE-67A7-4327-AB01-D85A7E6734B1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {9148DF24-37DC-4805-9F26-DF5BCE9715A9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1478414814-3749218601-3539646535-1001UA => C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {A145E2BD-13DB-446C-8821-33AC603DDDE2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {A85DBF88-3373-427A-9A4E-5749730B3413} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {BD98A2E4-0C6E-4836-9C3D-16F4843C32DC} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2017-02-24] (WiseCleaner.com)
Task: {BE8DAB0C-5FAF-45A6-A5E7-BE07970E0515} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {C2240968-5C24-4A71-816D-7A321E9E1A2F} - System32\Tasks\{DD5EF7D6-65B6-4080-B57C-5810676A3FEA} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.60.104/de/abandoninstall?page=tsBing
Task: {D7E2333E-A177-4BF2-9C9E-4A5584D13208} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {D80DA320-B7AE-4200-9C6D-6CD0EC753296} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {E03FB901-52D3-453C-A2C8-E048E8DE5B75} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {E4015168-5F3B-4C32-93EC-98E3B5132F6A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-03-18] (AVAST Software)
Task: {EF679536-F393-428B-947B-09BA2A858E4D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {F56BBAD0-3E2C-46C1-AE47-78A3F2DDE496} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {F69F380B-C6CC-4E25-85D7-5A95585509AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1478414814-3749218601-3539646535-1001UA1d2597b6c617c32 => C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {FA1C89C0-1F9A-4401-9AE3-5C5284B8138A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sergio\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1478414814-3749218601-3539646535-1001Core.job => C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1478414814-3749218601-3539646535-1001UA.job => C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-18 23:02 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-18 23:02 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-18 23:02 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-30 08:34 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-16 14:57 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-16 14:57 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-16 14:57 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-16 14:57 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-16 14:57 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-16 14:57 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-16 14:57 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-13 18:23 - 2017-03-13 18:23 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 18:23 - 2017-03-13 18:23 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 18:23 - 2017-03-13 18:23 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 18:23 - 2017-03-13 18:23 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-02-27 19:37 - 2017-02-27 19:37 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-02-27 19:37 - 2017-02-27 19:37 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-02-27 19:37 - 2017-02-27 19:37 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-06-09 18:30 - 2016-06-09 18:30 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-02-27 19:37 - 2017-02-27 19:37 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-02-27 19:37 - 2017-02-27 19:37 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-03-03 17:58 - 2016-03-03 17:58 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-21 14:45 - 2017-02-21 14:45 - 00585784 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareService.exe
2017-02-21 14:50 - 2017-02-21 14:50 - 00121816 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_thread-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00030680 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_system-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00067544 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_date_time-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00144856 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_filesystem-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00733144 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_log-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00524760 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_locale-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00039384 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_chrono-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 11554264 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\rpc_server.dll
2017-02-21 14:51 - 2017-02-21 14:51 - 03712984 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\RCF.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01000920 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_regex-vc140-mt-1_61.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01142232 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareActivation.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 00633816 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareApplicationUpdater.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00843736 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareGamingMode.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00120280 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareReset.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00142296 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTime.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01024472 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareDefinitionsUpdater.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 00906712 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareDefinitionsUpdaterScheduler.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01468376 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareIgnoreList.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00261080 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareQuarantine.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01652184 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareAntiMalwareEngine.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01194456 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareScannerHistory.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01553880 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareScanner.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00039384 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_timer-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01032152 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareScannerScheduler.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01183192 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareRealTimeProtection.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 02887640 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareIncompatibles.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01525208 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareAntiSpam.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01456600 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareAntiPhishing.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 03464664 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareParentalControl.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01653720 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareWebProtection.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01598936 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareEmailProtection.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00073176 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\boost_iostreams-vc140-mt-1_61.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01712088 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareNetworkProtection.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01067480 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwarePromo.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00475096 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareFeedback.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 03166168 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareThreatWorkAlliance.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00667096 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwarePinCode.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01069528 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareNotice.dll
2017-02-21 14:49 - 2017-02-21 14:49 - 01598424 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareAvcEngine.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 01496536 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareRealTimeProtectionHistory.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 00774104 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareStatistics.dll
2017-02-21 14:50 - 2017-02-21 14:50 - 04461016 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe
2017-02-21 14:50 - 2017-02-21 14:50 - 11717592 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\rpc_client.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 01872384 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2015-06-24 14:28 - 2015-06-24 14:28 - 01301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00148664 _____ () C:\Program Files (x86)\Evernote\Evernote\zlibwapi.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 26137272 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00212664 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-10-31 17:17 - 2016-10-31 17:17 - 00740352 _____ () C:\Program Files (x86)\Evernote\Evernote\libglesv2.dll
2016-10-31 17:17 - 2016-10-31 17:17 - 00130048 _____ () C:\Program Files (x86)\Evernote\Evernote\libegl.dll
2017-03-18 23:41 - 2017-03-18 23:41 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-18 23:41 - 2017-03-18 23:41 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-18 23:40 - 2017-03-18 23:40 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-03-18 23:41 - 2017-03-18 23:41 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-19 01:07 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-03-19 01:07 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-03-19 01:07 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-03-19 01:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-03-19 01:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Sergio\Desktop\2014-06-09 12.36.44.jpg:com.dropbox.attributes [912]
AlternateDataStreams: C:\Users\Sergio\Desktop\2014-06-09 12.41.14.jpg:com.dropbox.attributes [225]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\localhost -> localhost
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2016-12-13 20:23 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\AvGeneric_S-1-5-21-1478414814-3749218601-3539646535-1007\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sergio\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\StartupFolder: => "Audible Download Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "FocalFilterHelper.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\StartupApproved\Run: => "adaware browser dock"
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\StartupApproved\Run: => "Ad-Aware Search Companion"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4C815F25-BA44-4DF0-A139-B4513592AB11}] => (Allow) E:\Programme\Steam\SteamApps\common\Transmissions Element 120\hl2.exe
FirewallRules: [{4AF4DBE9-2A28-45E8-A394-CF9DDBF7E046}] => (Allow) E:\Programme\Steam\SteamApps\common\Transmissions Element 120\hl2.exe
FirewallRules: [{47A0FAEC-0EED-465B-B623-8E03A2EF9F4A}] => (Allow) E:\Programme\Steam\SteamApps\common\The Swapper\TheSwapper.exe
FirewallRules: [{32189D55-9C1C-46C4-B9DB-0392B2032C1D}] => (Allow) E:\Programme\Steam\SteamApps\common\The Swapper\TheSwapper.exe
FirewallRules: [{23A94911-6B0C-4AD2-9CF3-1E3C4DF42CEF}] => (Allow) E:\Programme\Steam\SteamApps\common\Source SDK Base\hl2.exe
FirewallRules: [{14CD92EA-C74F-46A5-8AE1-1256A02B73B5}] => (Allow) E:\Programme\Steam\SteamApps\common\Source SDK Base\hl2.exe
FirewallRules: [{9A299CDF-8BB6-4808-855F-F7C6CFD167A7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6675D4DE-F544-4B9B-A575-E6846DD19E20}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B0C6423F-1101-4D9A-8753-70A726AF5D5C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{87D07077-0624-4F4D-900A-D386616BC2AD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{009303E8-3CA0-4E1E-820F-CDE4AD59A1D6}] => (Block) C:\users\sergio\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{1855B2DC-993E-44BF-B82A-82A401F84346}] => (Block) C:\users\sergio\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B08CCC1D-249D-415A-8AF7-DFE695CC02A4}C:\users\sergio\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sergio\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{92FC82E6-BB8B-4FDB-BB0C-D66610CC6E81}C:\users\sergio\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sergio\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{584B85C8-235C-45FB-9319-87EF691E539D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{33DFD8A9-855F-4E8B-90E4-926E8A79B917}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{65CD0DC4-573A-4AB2-A279-A06DDCD94042}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9B5CB91F-B20C-496F-8460-B7BE1F4AFC7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CDB31AB7-B993-4463-991F-B3EB167A3E23}] => (Block) C:\users\sergio\appdata\roaming\spotify\spotify.exe
FirewallRules: [{85CE2457-1383-4B34-BC70-5CA7C0BC5A85}] => (Block) C:\users\sergio\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{18FD3C22-8C57-4B91-97BC-F02E9C848220}C:\users\sergio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sergio\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0D0FB75B-A70C-402D-A16F-3513F8A6413B}C:\users\sergio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sergio\appdata\roaming\spotify\spotify.exe
FirewallRules: [{582F26A3-1FAD-42CB-BFB8-DB77E40EC5A5}] => (Allow) LPort=5432
FirewallRules: [{9E7793F6-2CCD-44F1-8D81-F075D049DDB3}] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{CAEB2973-36B7-4F35-A65A-7C4651A0FA4A}] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{7F4C7349-2C86-498A-86FB-BC98B46CEB17}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{24433994-3951-43D1-84CA-58C7E56D128C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{896305FD-B8F2-4767-A7D4-AF7AE2FC10A1}] => (Allow) E:\Programme\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{ED008F0A-3699-49D8-BB63-729B1FEBE9C5}] => (Allow) E:\Programme\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1DBD2A9C-E0C4-4A62-82B9-695C77AC5539}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A1280161-B9C7-48B9-9966-18A895246AC7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{B6018279-DBCC-44F5-A85B-7F0E7FD3C508}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{C60CA2E5-E012-46D7-A014-68EB519DEC77}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{BA017C2C-61FD-4A8E-9A4B-B19C5F76EC42}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [TCP Query User{8A02E307-EB1C-4D12-882F-FF81FACC0914}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{A26D4721-8F6B-4D4A-B429-722CF1A9DDF4}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [TCP Query User{B9867C9B-0E8C-4B86-8DD7-AB4AD89674A9}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{0DE25D3A-A50D-4640-A918-C97C3D1E4E4F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B46581C9-E59C-4D84-BFB1-6C9C1CF619D5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3D1D317E-92BE-4AD7-AE40-DCEF97EE6F30}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DCDF178F-94BA-423C-93AF-32ABA338F5B2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3BFDC46F-7EF3-4D7B-BADF-37C1CD73DBA8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{71A620CB-4170-4016-8DE5-6BD6C5B280BA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{51E9595D-0B58-445E-8FF9-D91A0E2B56C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{89FA8679-D274-40D5-8BCA-C4F7FAECC288}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{17602036-2F09-45C4-96DE-81E103792C0C}C:\program files (x86)\xmind\xmind.exe] => (Allow) C:\program files (x86)\xmind\xmind.exe
FirewallRules: [UDP Query User{47B0516F-37FD-411C-ABF4-31E6FF92ABAE}C:\program files (x86)\xmind\xmind.exe] => (Allow) C:\program files (x86)\xmind\xmind.exe
FirewallRules: [{E2AFCA20-7814-40F8-A2E4-A56B54B2B703}] => (Block) C:\program files (x86)\xmind\xmind.exe
FirewallRules: [{FFE14415-8CB9-46A2-93AE-FCA222B3FEB6}] => (Block) C:\program files (x86)\xmind\xmind.exe
FirewallRules: [{DF131065-E096-470C-B6C4-0BDC3B7AD887}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{39AA17E3-BFDE-40D5-9EB3-CC8F488F2791}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C462C04B-0D25-49B1-BF38-97DB80556660}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{1317C778-FF74-44DB-B012-C987FF732B42}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{C665D105-55D0-4485-9F8F-98BFAFC4277A}C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm.exe
FirewallRules: [UDP Query User{89F44F37-EE89-49AC-9CF0-D7A984CC4463}C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm.exe
FirewallRules: [{FCA6B532-4E95-469C-95E1-E58DA1577D22}] => (Block) C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm.exe
FirewallRules: [{8DB45E81-EE46-454C-9C3B-8822B06D4867}] => (Block) C:\program files (x86)\jetbrains\pycharm community edition 2016.3.2\bin\pycharm.exe
FirewallRules: [{646A70D8-16BB-4ADD-8797-DF653A94BB69}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{87A747CA-FD99-4796-8585-B3AE0E5C1AFE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2A3FF431-1752-43AF-8AD1-087AA8AB8B45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7438A7F-5156-4022-A304-F2ED32707A1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1D667304-E1AC-41D7-AE98-239DD24636D3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{94A6CFFB-2252-4515-94E5-28245AD1CBF7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Wiederherstellungspunkte =========================
ACHTUNG: Systemwiederherstellung ist deaktiviert
==================== Fehlerhafte Geräte im Gerätemanager =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (03/19/2017 12:00:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000604
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x2a9c
Startzeit der fehlerhaften Anwendung: 0x01d2a03b629d3174
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: e1005bb4-b07d-4cfd-a84f-5673e4768a0d
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge
Error: (03/19/2017 12:00:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000604
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x2a9c
Startzeit der fehlerhaften Anwendung: 0x01d2a03b629d3174
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 1502f4c6-37e3-4962-9115-0c4bb8d94caf
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge
Error: (03/18/2017 11:58:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SERGIOS-PC)
Description: Bei der Aktivierung der App „Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (03/18/2017 11:48:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 42.0.0.5780, Zeitstempel: 0x5632d0a4
Name des fehlerhaften Moduls: mozglue.dll, Version: 42.0.0.5780, Zeitstempel: 0x5632ba58
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000ed50
ID des fehlerhaften Prozesses: 0x1784
Startzeit der fehlerhaften Anwendung: 0x01d2a036e51d7f29
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: e823e1c5-594e-4361-be5e-c0c8886034cd
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (03/18/2017 11:42:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Die abhängige Assemblierung "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/18/2017 09:58:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SERGIOS-PC)
Description: Bei der Aktivierung der App „Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (03/18/2017 09:12:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SERGIOS-PC)
Description: Bei der Aktivierung der App „Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (03/18/2017 09:00:04 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (03/18/2017 12:21:03 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.
Error: (03/17/2017 11:57:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SERGIOS-PC)
Description: Bei der Aktivierung der App „Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Systemfehler:
=============
Error: (03/19/2017 12:39:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Soda PDF Desktop Creator" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/19/2017 12:38:19 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (03/18/2017 11:43:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (03/18/2017 11:41:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (03/18/2017 10:53:29 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0
Error: (03/18/2017 10:53:29 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0
Error: (03/18/2017 10:51:49 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (03/18/2017 09:15:28 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (03/18/2017 09:12:28 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (03/18/2017 01:05:16 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
CodeIntegrity:
===================================
Date: 2017-03-18 00:15:51.902
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-08 20:41:44.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-07 16:07:59.583
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-05 12:03:31.285
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-03 17:01:58.393
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-01 22:16:13.030
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-28 23:26:03.401
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-28 12:36:19.913
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-04 18:13:32.823
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-25 14:45:21.281
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: AMD Phenom(tm) II X4 945 Processor
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 16383.17 MB
Verfügbarer physikalischer RAM: 11175.08 MB
Summe virtueller Speicher: 18815.17 MB
Verfügbarer virtueller Speicher: 13238.09 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:100.21 GB) (Free:2.2 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: () (Fixed) (Total:931.41 GB) (Free:44.85 GB) NTFS
Drive f: () (Fixed) (Total:156.25 GB) (Free:30.61 GB) NTFS
Drive h: () (Fixed) (Total:100 GB) (Free:99.68 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FEBD6380)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 01EE8E42)
Partition 1: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
========================================================
Disk: 2 (Size: 335.4 GB) (Disk ID: F261F55D)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=79.1 GB) - (Type=05)
==================== Ende von Addition.txt ============================
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von Sergio (Administrator) auf SERGIOS-PC (19-03-2017 01:43:45)
Gestartet von E:\Internet Downloads
Geladene Profile: Sergio (Verfügbare Profile: Sergio & postgres)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessus-service.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessusd.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Flux Software LLC) C:\Users\Sergio\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Krzysztof Kowalczyk) C:\Program Files (x86)\SumatraPDF\SumatraPDF.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareService.exe
() C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe [4461016 2017-02-21] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-18] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\AvGeneric_S-1-5-21-1478414814-3749218601-3539646535-1007\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\Run: [Spotify Web Helper] => C:\Users\Sergio\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-11] (Spotify Ltd)
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\Run: [Google Update] => C:\Users\Sergio\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-18] (Google Inc.)
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\Run: [f.lux] => C:\Users\Sergio\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799376 2016-12-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\...\MountPoints2: {b52f257e-9541-11e6-82b3-485b39c9a198} - "K:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-18] (AVAST Software)
ShellIconOverlayIdentifiers: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => -> Keine Datei
ShellIconOverlayIdentifiers: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt1] -> {C955792B-31A0-4791-9DDE-0A9A57411C16} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [00ExpanDriveExt2] -> {C955792C-31A0-4791-9DDE-0A9A57411C16} => -> Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2015-05-07]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Keine Datei)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FocalFilterHelper.lnk [2016-02-26]
ShortcutTarget: FocalFilterHelper.lnk -> C:\Program Files (x86)\FocalFilter\FocalFilterHelper.exe (Microsoft)
Startup: C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-08-09]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-04-20]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy\User: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{65462354-7EE1-4401-902C-4D58B7DBDA87}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{8c608b9e-9074-4d1b-b1db-702840d39f03}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{aa6288ab-a4c6-4734-8fa6-9d9b694d76cd}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\AvGeneric_S-1-5-21-1478414814-3749218601-3539646535-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1478414814-3749218601-3539646535-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1478414814-3749218601-3539646535-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-18] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-18] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\0fihcjle.default [2017-03-19]
FF NewTab: Mozilla\Firefox\Profiles\0fihcjle.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\0fihcjle.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\0fihcjle.default -> hxxps://www.google.com/search?bcutc=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\0fihcjle.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\0fihcjle.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\0fihcjle.default -> hxxps://www.google.com/?bcutc=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\0fihcjle.default -> hxxps://www.google.com/search?bcutc=sp-006
FF Extension: (BeeLine Reader) - C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\0fihcjle.default\Extensions\beelinereader-firefox@beelinereader.com.xpi [2016-03-08]
FF Extension: (FoxyProxy Standard) - C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\0fihcjle.default\Extensions\foxyproxy@eric.h.jung [2017-02-07]
FF Extension: (convert2mp3.net YouTube2MP3 Converter) - C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\0fihcjle.default\Extensions\info@convert2mp3.net.xpi [2016-12-15]
FF Extension: (pdf updater) - C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\0fihcjle.default\Extensions\{34840d80-0446-4a42-83ce-5c0fa22cd4e3}.xpi [2016-05-18] [ist nicht signiert]
FF Extension: (NoScript) - C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\0fihcjle.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-13]
FF Extension: (LeechBlock) - C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\0fihcjle.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-01-22]
FF Extension: (Adblock Plus) - C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\0fihcjle.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (DownThemAll!) - C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\0fihcjle.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
FF SearchPlugin: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\0fihcjle.default\searchplugins\google-avast.xml [2017-03-18]
FF HKLM\...\Firefox\Extensions: [soda_pdf_desktop_conv@sodapdf.com] - C:\Program Files\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-18] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-18] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin-x32: Soda PDF Desktop -> C:\Program Files (x86)\Soda PDF Desktop\np-previewer.dll [2016-10-21] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-1478414814-3749218601-3539646535-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Sergio\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1478414814-3749218601-3539646535-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Sergio\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default [2017-03-18]
CHR Extension: (Google Präsentationen) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-26]
CHR Extension: (Google Docs) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-26]
CHR Extension: (Google Drive) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11]
CHR Extension: (YouTube) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11]
CHR Extension: (Google-Suche) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-11]
CHR Extension: (Google Tabellen) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-26]
CHR Extension: (Google Docs Offline) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (AMZ Seller Browser) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\klgpelgeohjghmccooegimcfhanlnngc [2016-05-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Google Mail) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-11]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareService.exe [585784 2017-02-21] ()
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-18] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-18] (AVAST Software)
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197776 2016-12-14] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 Tenable Nessus; C:\Program Files\Tenable\Nessus\nessus-service.exe [17376 2017-02-15] (Tenable Network Security, Inc)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 Soda PDF Desktop; "C:\Program Files\Soda PDF Desktop\ws.exe" [X]
S3 Soda PDF Desktop CrashHandler; "C:\Program Files\Soda PDF Desktop\crash-handler-ws.exe" [X]
S2 Soda PDF Desktop Creator; "C:\Program Files\Soda PDF Desktop\creator-ws.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309272 2017-03-18] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-03-18] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-03-18] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-03-18] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-03-18] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-03-18] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126600 2017-03-18] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-03-18] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-03-18] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [993608 2017-03-18] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [548928 2017-03-18] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-03-18] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337592 2017-03-18] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102400 2016-02-26] (Advanced Micro Devices)
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [Datei ist nicht signiert]
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) [Datei ist nicht signiert]
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2016-07-16] (Realtek Semiconductor Corporation )
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [33448 2014-09-05] (Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc)
S3 SaiK0728; C:\WINDOWS\system32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [205968 2016-12-14] (Sandboxie Holdings, LLC)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [442848 2017-02-08] (BitDefender S.R.L.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-01-16] (Oracle Corporation)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 DfSdkS; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-19 01:43 - 2017-03-19 01:43 - 00000000 ____D C:\FRST
2017-03-19 01:12 - 2017-03-19 01:12 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\adaware
2017-03-19 01:12 - 2017-03-19 01:12 - 00000000 ____D C:\Users\Sergio\AppData\Local\AdAwareDesktop
2017-03-19 01:11 - 2017-03-19 01:11 - 00002416 _____ C:\Users\Public\Desktop\adaware antivirus.lnk
2017-03-19 01:11 - 2017-03-19 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2017-03-19 01:11 - 2017-03-19 01:11 - 00000000 ____D C:\Program Files\adaware
2017-03-19 01:10 - 2017-03-19 01:10 - 00000000 ____D C:\Users\Sergio\AppData\Local\AdAwareUpdater
2017-03-19 01:10 - 2017-03-19 01:10 - 00000000 ____D C:\Program Files\Common Files\adaware
2017-03-19 01:09 - 2017-03-19 01:09 - 00000000 ____D C:\ProgramData\adaware
2017-03-19 01:07 - 2017-03-19 01:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-19 01:07 - 2017-03-19 01:07 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-03-19 01:07 - 2017-03-19 01:07 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-03-19 01:07 - 2017-03-19 01:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-19 01:07 - 2017-03-19 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-03-19 01:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-03-19 01:05 - 2017-03-19 01:06 - 00001748 _____ C:\WINDOWS\Sandboxie.ini
2017-03-19 01:05 - 2017-03-19 01:04 - 00000955 _____ C:\Users\Sergio\Desktop\Sandboxed Web Browser.lnk
2017-03-19 01:04 - 2017-03-19 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2017-03-19 01:04 - 2017-03-19 01:04 - 00000000 ____D C:\Program Files\Sandboxie
2017-03-19 01:02 - 2017-03-19 01:02 - 00000000 ___HD C:\$SysReset
2017-03-19 01:02 - 2017-03-19 01:02 - 00000000 ____D C:\WINDOWS\Panther
2017-03-19 00:06 - 2017-03-19 00:06 - 00217088 _____ C:\Users\postgres\NTUSER.rhk
2017-03-19 00:03 - 2017-03-19 00:03 - 00015836 _____ C:\Users\Sergio\Documents\cc_20170319_000336.reg
2017-03-18 23:51 - 2017-03-18 23:51 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-18 23:51 - 2017-03-18 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-18 23:50 - 2017-03-18 23:51 - 00000000 ____D C:\Program Files\iTunes
2017-03-18 23:50 - 2017-03-18 23:50 - 00000000 ____D C:\Program Files\iPod
2017-03-18 23:49 - 2017-03-18 23:49 - 00000000 ____D C:\Program Files\Bonjour
2017-03-18 23:49 - 2017-03-18 23:49 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-03-18 23:43 - 2017-03-18 23:43 - 00004034 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1489876984
2017-03-18 23:43 - 2017-03-18 23:43 - 00001088 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-03-18 23:43 - 2017-03-18 23:43 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-03-18 23:42 - 2017-03-18 23:42 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-03-18 23:42 - 2017-03-18 23:42 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\AVAST Software
2017-03-18 23:41 - 2017-03-18 23:41 - 00548928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-03-18 23:41 - 2017-03-18 23:41 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.148987690906204
2017-03-18 23:41 - 2017-03-18 23:41 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-03-18 23:41 - 2017-03-18 23:41 - 00337592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148987691079606
2017-03-18 23:41 - 2017-03-18 23:41 - 00337592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-03-18 23:41 - 2017-03-18 23:41 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-03-18 23:41 - 2017-03-18 23:41 - 00126600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-03-18 23:41 - 2017-03-18 23:41 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-03-18 23:41 - 2017-03-18 23:41 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-03-18 23:41 - 2017-03-18 23:41 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-03-18 23:41 - 2017-03-18 23:41 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-03-18 23:41 - 2017-03-18 23:41 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-03-18 23:41 - 2017-03-18 23:41 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-18 23:41 - 2017-03-18 23:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-03-18 23:41 - 2017-03-18 23:41 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-18 23:41 - 2017-03-18 23:40 - 00993608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-03-18 23:41 - 2017-03-18 23:40 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-03-18 23:41 - 2017-03-18 23:40 - 00309272 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-03-18 23:41 - 2017-03-18 23:40 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-03-18 23:41 - 2017-03-18 23:40 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-03-18 23:40 - 2017-03-18 23:42 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-18 23:39 - 2017-03-18 23:56 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-18 23:01 - 2017-03-19 00:06 - 04333568 _____ C:\Users\Sergio\NTUSER.rhk
2017-03-18 23:01 - 2017-03-18 23:01 - 00004058 _____ C:\WINDOWS\System32\Tasks\Wise Registry Cleaner Schedule Task
2017-03-18 22:57 - 2017-03-18 22:57 - 00763016 _____ C:\Users\Sergio\Documents\cc_20170318_225706.reg
2017-03-18 22:55 - 2017-03-18 22:55 - 00001329 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 2017.lnk
2017-03-18 22:55 - 2017-03-18 22:55 - 00000237 _____ C:\Users\Public\Desktop\Ashampoo Deals.url
2017-03-18 22:55 - 2017-03-18 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-03-18 22:55 - 2017-03-18 22:55 - 00000000 ____D C:\ProgramData\Ashampoo
2017-03-18 22:55 - 2017-03-18 22:55 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2017-03-18 22:55 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2017-03-18 22:53 - 2017-03-18 23:01 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\Wise Registry Cleaner
2017-03-18 22:53 - 2017-03-18 23:01 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\Wise Euask
2017-03-18 22:53 - 2017-03-18 22:53 - 00001304 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2017-03-18 22:53 - 2017-03-18 22:53 - 00000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner
2017-03-18 22:53 - 2017-03-18 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2017-03-18 22:53 - 2017-03-18 22:53 - 00000000 ____D C:\Program Files (x86)\Wise
2017-03-18 22:53 - 2017-03-18 22:53 - 00000000 ____D C:\Program Files (x86)\Chip Digital GmbH
2017-03-18 22:48 - 2017-03-18 22:48 - 00002862 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-03-18 22:48 - 2017-03-18 22:48 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-18 22:48 - 2017-03-18 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-18 22:48 - 2017-03-18 22:48 - 00000000 ____D C:\Program Files\CCleaner
2017-03-18 22:25 - 2016-06-05 07:42 - 00000000 ____D C:\Users\Sergio\Desktop\Python 3 - Intensivkurs Projekte erfolgreich realisieren By Mark Pilgrim
2017-03-18 21:48 - 2016-09-01 12:09 - 00000000 ____D C:\Users\Sergio\Desktop\Yael Adler - Haut nah. Alles über unser größtes Organ inkl. pdf
2017-03-18 21:47 - 2016-10-17 16:46 - 00000000 ____D C:\Users\Sergio\Desktop\Nadja Hermann - Fettlogik überwinden
2017-03-18 01:04 - 2017-03-17 21:06 - 00000000 ____D C:\Users\Sergio\Desktop\Gunter Dueck - Flachsinn_ Ich habe Hirn, ich will hier raus
2017-03-16 21:27 - 2016-11-24 02:24 - 00000000 ____D C:\Users\Sergio\Desktop\Haiyti - Nightliner (2016)
2017-03-13 20:44 - 2017-03-13 20:44 - 14966655 _____ C:\Users\Sergio\Desktop\3662536676.psychologie.der.maerchen.2017.by.www.lul.to.pdf
2017-03-12 12:29 - 2017-03-12 12:26 - 00074345 ____N C:\Users\Sergio\Desktop\11057856.pdf
2017-03-11 11:55 - 2017-03-11 11:55 - 00000000 ____D C:\Users\Sergio\AppData\Local\TeamSpeak 3
2017-03-11 11:55 - 2017-03-11 11:55 - 00000000 ____D C:\Users\Sergio\.TeamSpeak 3
2017-03-10 22:56 - 2017-03-10 22:56 - 00000000 ____D C:\Users\Sergio\PycharmProjects
2017-03-10 22:55 - 2017-03-10 22:55 - 00001078 _____ C:\Users\Sergio\Desktop\JetBrains PyCharm Community Edition 2016.3.2.lnk
2017-03-10 22:55 - 2017-03-10 22:55 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\JetBrains
2017-03-10 22:55 - 2017-03-10 22:55 - 00000000 ____D C:\Users\Sergio\.PyCharmCE2016.3
2017-03-10 22:54 - 2017-03-10 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2017-03-10 22:54 - 2017-03-10 22:54 - 00000000 ____D C:\Program Files (x86)\JetBrains
2017-03-09 16:03 - 2017-03-09 16:03 - 00002713 _____ C:\Users\Sergio\Desktop\IDLE (Python 3.6 64-bit).lnk
2017-03-09 16:03 - 2017-03-09 16:03 - 00001520 _____ C:\Users\Sergio\Desktop\Python 3.6 (64-bit).lnk
2017-03-09 15:59 - 2017-03-09 15:59 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-03-09 15:59 - 2017-03-09 15:59 - 00000000 ____D C:\Users\Sergio\AppData\Local\Package Cache
2017-03-08 16:00 - 2017-03-08 16:00 - 06744873 ____R C:\Users\Sergio\Desktop\3658108576.ich.glaube.es.hackt.2016.4.auflage.by.www.lul.to.pdf
2017-03-06 19:08 - 2017-03-06 19:08 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2017-03-06 19:07 - 2017-03-06 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2017-03-06 18:50 - 2017-03-06 18:50 - 00000000 ____D C:\Users\Sergio\.QtWebEngineProcess
2017-03-06 18:50 - 2017-03-06 18:50 - 00000000 ____D C:\Users\Sergio\.Plays.tv
2017-03-05 18:37 - 2017-01-01 17:08 - 00000000 ____D C:\Users\Sergio\Desktop\Tory Lanez - Chixtape 4 (DatPiff.com)
2017-03-05 18:27 - 2017-03-05 18:27 - 00000000 ____D C:\ProgramData\GeoComply
2017-03-04 21:04 - 2017-03-04 21:06 - 00000000 ____D C:\Users\Sergio\VirtualBox VMs
2017-03-04 20:55 - 2017-03-05 14:02 - 00000000 ____D C:\Users\Sergio\.VirtualBox
2017-03-04 20:55 - 2017-03-04 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-03-04 20:55 - 2017-03-04 20:55 - 00000000 ____D C:\Program Files\Oracle
2017-03-04 20:55 - 2017-01-16 17:38 - 00959720 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2017-03-04 20:55 - 2017-01-16 17:38 - 00149304 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2017-03-01 23:49 - 2017-03-17 23:57 - 00001024 _____ C:\.rnd
2017-03-01 23:49 - 2017-03-01 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tenable Network Security
2017-03-01 23:48 - 2017-03-01 23:48 - 00000000 ____D C:\ProgramData\Tenable
2017-03-01 23:48 - 2017-03-01 23:48 - 00000000 ____D C:\Program Files\Tenable
2017-02-28 21:46 - 2017-03-05 11:48 - 00000000 ____D C:\Users\Sergio\Desktop\Ethic Hacking
2017-02-28 21:33 - 2017-02-28 21:33 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\.maltego
2017-02-28 21:33 - 2017-02-28 21:33 - 00000000 ____D C:\ProgramData\Paterva
2017-02-28 21:33 - 2017-02-28 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paterva
2017-02-28 21:32 - 2017-02-28 21:32 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\Sun
2017-02-28 21:32 - 2017-02-28 21:32 - 00000000 ____D C:\Program Files (x86)\Paterva
2017-02-28 21:31 - 2017-03-18 23:51 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-02-28 21:31 - 2017-03-18 23:51 - 00000000 ____D C:\Program Files\Java
2017-02-27 22:16 - 2015-06-24 14:30 - 00064728 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2017-02-27 22:16 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2017-02-27 22:16 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2017-02-27 22:16 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2017-02-27 22:15 - 2015-06-24 14:30 - 00437976 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2017-02-27 22:15 - 2015-06-24 14:30 - 00359128 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2017-02-27 22:15 - 2015-06-24 14:27 - 00031448 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2017-02-27 22:14 - 2017-02-27 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2017-02-27 22:14 - 2017-02-27 22:14 - 00000000 ____D C:\Program Files\Common Files\VMware
2017-02-27 22:14 - 2017-02-27 22:14 - 00000000 ____D C:\Program Files (x86)\VMware
2017-02-27 22:14 - 2015-06-24 14:27 - 00931032 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2017-02-27 22:14 - 2014-08-21 08:07 - 00054976 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2017-02-27 22:14 - 2014-08-21 08:06 - 00058048 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmusb.sys
2017-02-27 22:11 - 2017-02-27 22:42 - 00000000 ____D C:\Users\Sergio\Documents\Virtual Machines
2017-02-27 19:48 - 2017-02-27 19:48 - 00000000 ____D C:\Users\Sergio\.idlerc
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-19 00:55 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-19 00:48 - 2015-06-02 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-19 00:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-19 00:07 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-19 00:06 - 2016-09-29 20:05 - 00000000 ____D C:\Users\Sergio
2017-03-19 00:06 - 2016-09-29 20:05 - 00000000 ____D C:\Users\postgres
2017-03-18 23:52 - 2016-09-29 20:14 - 00004440 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-18 23:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-18 23:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-18 23:52 - 2014-10-27 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-18 23:52 - 2014-10-26 12:23 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-18 23:52 - 2014-10-26 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-18 23:52 - 2014-10-26 12:23 - 00000000 ____D C:\Program Files\WinRAR
2017-03-18 23:51 - 2014-10-26 12:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-03-18 23:50 - 2015-05-06 18:27 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-18 23:49 - 2014-10-26 00:07 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-18 23:44 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-18 23:02 - 2015-03-10 17:03 - 00000000 ____D C:\Users\Sergio\AppData\LocalLow\Temp
2017-03-18 22:59 - 2014-10-26 12:50 - 00000000 ____D C:\Users\Sergio\AppData\Local\JDownloader v2.0
2017-03-18 22:55 - 2016-09-23 20:37 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\TS3Client
2017-03-18 22:55 - 2014-11-05 17:58 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-18 22:50 - 2014-10-26 10:16 - 00000000 ____D C:\Users\Sergio\AppData\Local\Razer
2017-03-18 22:50 - 2014-10-26 00:15 - 00000000 ____D C:\ProgramData\Razer
2017-03-18 22:50 - 2014-10-26 00:15 - 00000000 ____D C:\Program Files (x86)\Razer
2017-03-18 22:34 - 2016-09-29 20:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-18 21:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-18 00:59 - 2014-10-27 09:42 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\vlc
2017-03-18 00:21 - 2014-10-29 14:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-18 00:19 - 2015-04-16 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-18 00:19 - 2014-10-29 14:39 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-18 00:18 - 2015-04-16 15:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-18 00:18 - 2015-04-16 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-18 00:18 - 2014-10-26 12:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-03-18 00:15 - 2016-11-05 15:37 - 00000000 ____D C:\Users\Sergio\AppData\Local\ElevatedDiagnostics
2017-03-18 00:14 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-18 00:00 - 2016-07-16 23:51 - 01032822 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-18 00:00 - 2016-07-16 23:51 - 00243530 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-18 00:00 - 2015-08-09 20:57 - 02469750 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-17 23:52 - 2014-10-27 17:10 - 00000000 ____D C:\ProgramData\VMware
2017-03-17 23:51 - 2016-09-29 20:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-16 22:25 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-16 21:23 - 2013-08-22 14:25 - 00000167 _____ C:\WINDOWS\win.ini
2017-03-14 19:22 - 2014-12-23 17:29 - 00000000 ____D C:\Users\Sergio\AppData\Local\Spotify
2017-03-13 20:27 - 2014-10-27 17:14 - 00000000 ____D C:\Users\Sergio\AppData\Local\VMware
2017-03-13 19:32 - 2014-12-23 17:28 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\Spotify
2017-03-13 19:07 - 2014-10-27 17:14 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\VMware
2017-03-11 14:19 - 2016-10-23 19:11 - 00000000 ____D C:\Users\Sergio\Documents\Soda PDF Files
2017-03-11 14:19 - 2016-10-23 19:11 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\Soda PDF Desktop
2017-03-11 12:13 - 2014-12-13 14:35 - 00000000 ____D C:\Users\Sergio\AppData\Local\PokerStars.EU
2017-03-11 12:12 - 2014-12-13 14:34 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2017-03-11 11:55 - 2016-09-23 20:37 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-03-10 06:17 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-10 06:17 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-06 19:07 - 2016-09-29 20:03 - 00000000 ____D C:\Program Files\AMD
2017-03-06 19:07 - 2015-05-19 18:55 - 00000000 ____D C:\Program Files (x86)\AMD
2017-03-06 19:07 - 2014-10-26 00:19 - 00000000 ____D C:\Users\Sergio\AppData\Local\AMD
2017-03-06 19:04 - 2014-10-26 00:14 - 00000000 ____D C:\AMD
2017-03-06 18:50 - 2016-09-29 20:03 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-06 18:48 - 2016-09-29 20:03 - 00000000 ____D C:\ProgramData\AMD
2017-03-04 23:55 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-28 21:32 - 2016-02-14 18:43 - 00000000 ____D C:\Users\Sergio\.oracle_jre_usage
2017-02-27 22:14 - 2014-10-27 17:10 - 02053002 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-02-25 11:31 - 2014-10-25 23:53 - 00000000 ____D C:\Users\Sergio\AppData\Local\Packages
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-07-20 16:32 - 2015-07-20 16:32 - 0923401 _____ () C:\Program Files (x86)\WinDlg_124.zip
2015-07-12 10:02 - 2015-07-12 10:02 - 0000000 ___SH () C:\Users\Sergio\AppData\Local\LumaEmu
2016-07-03 18:51 - 2016-07-03 18:51 - 0000733 _____ () C:\Users\Sergio\AppData\Local\recently-used.xbel
2016-09-29 20:03 - 2016-09-29 20:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-06 20:11 - 2015-07-06 20:11 - 0005036 _____ () C:\ProgramData\flwjycbm.bab
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-03-18 21:07
==================== Ende von FRST.txt ============================
|
| Themen zu Email Anhang(Zip-Datei) geöffnet |
| ad-aware, antivirus, avast, converter, defender, desktop, email, exe, firefox, flash player, hijack, hijackthis, homepage, internet, internet explorer, logfile, phishing, registry, safer networking, scan, security, services.exe, software, svchost.exe, tcp, udp, virtualbox, windowsapps |
Baum-Darstellung