07.04.2017, 17:15 | #1 |
Windows 10: USB stick folders shown as shortcuts

Hello dear Trojaner-Board team,

I plugged a USB stick in at a copy shop, where it was presumably infected with malware. Since then, all the folders on it have been displayed as shortcuts. I already had the same problem in 2014; schrauber helped me back then and cleaned my computer and the sticks. Here is the thread: http://www.trojaner-board.de/152440-...angezeigt.html

However, that was 3 years ago now; I have a different laptop and Windows 10, so I am not sure whether the instructions are still valid. Could you please help me?

Many thanks and best regards,
Simon

Sorry, I forgot the FRST log files. Here they are:

FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 durchgeführt von ***** (Administrator) auf NP730U3E-X04DE (07-04-2017 18:08:00) Gestartet von C:\Users\*****\Downloads Geladene Profile: ***** & (Verfügbare Profile: *****) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Flux Software LLC) C:\Users\*****\AppData\Local\FluxSoftware\Flux\flux.exe (Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files\Samsung\S Agent\CommonAgent.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [909744 2017-03-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.) HKLM-x32\...\Run: [CheckNDISPortF0acA7] => C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe [419072 2013-05-10] () HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe [446720 2013-05-10] () HKLM-x32\...\Run: [DSL Soforthilfe] => C:\Program Files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe [20585888 2013-11-21] () HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH) HKLM-x32\...\Run: [PulseSecure] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2826584 2015-07-28] (Pulse Secure, LLC) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [Amazon Music] => C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe [3464680 2016-11-16] () HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [Dropbox Update] => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\1.3.32.8\GoogleUpdateCore.exe [601752 2017-04-07] (Google Inc.) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [f.lux] => C:\Users\*****\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.) 
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [Spotify Web Helper] => C:\Users\*****\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-03] (Spotify Ltd) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [SysinfY2X] => C:\WINDOWS\system32\cmd.exe /c start wscript /e:VBScript.Encode %temp%\SysinfY2X.db HKU\S-1-5-21-680370811-642922712-648177064-1005\...\MountPoints2: {5ee60eeb-ec88-11e5-bf55-b4b676c88fd8} - "D:\AutoRun.exe" HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe [3464680 2016-11-16] () HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\*****\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC) HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.) 
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation) HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\*****\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-03] (Spotify Ltd) HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd) HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SysinfY2X] => C:\WINDOWS\system32\cmd.exe /c start wscript /e:VBScript.Encode %temp%\SysinfY2X.db HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5ee60eeb-ec88-11e5-bf55-b4b676c88fd8} - "D:\AutoRun.exe" HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Amazon Music] => C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe [3464680 2016-11-16] () HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Dropbox Update] => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [f.lux] => C:\Users\*****\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC) HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.) 
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation) HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Spotify Web Helper] => C:\Users\*****\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-03] (Spotify Ltd) HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd) HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SysinfY2X] => C:\WINDOWS\system32\cmd.exe /c start wscript /e:VBScript.Encode %temp%\SysinfY2X.db HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {5ee60eeb-ec88-11e5-bf55-b4b676c88fd8} - "D:\AutoRun.exe" ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-11-09] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) GroupPolicy: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{739bafad-f725-464b-b239-cfcc34ab7a50}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{b47d9a86-7cdb-48fe-955f-fae754c6dd05}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-680370811-642922712-648177064-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com HKU\S-1-5-21-680370811-642922712-648177064-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation) DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default [2017-04-07] FF Homepage: Mozilla\Firefox\Profiles\zy2zji0a.default -> hxxps://www.maschinenring.de/wetter.html#/mrWetter=ewogICJsb2NhdGlvbiI6ICI1MDY3NCBLw7ZsbiAoREUpIgp9/ FF Session Restore: Mozilla\Firefox\Profiles\zy2zji0a.default -> ist aktiviert. 
FF Extension: (OneTab) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\extension@one-tab.com.xpi [2017-01-24] FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\firefox@zenmate.com.xpi [2016-09-29] FF Extension: (HTTPS Everywhere) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\https-everywhere-eff@eff.org.xpi [2017-04-07] FF Extension: (Pocket) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\isreaditlater@ideashower.com [2015-06-02] FF Extension: (Privacy Badger) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2017-03-29] FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2017-03-31] FF Extension: (WOT) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-11] FF Extension: (Video DownloadHelper) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-31] FF Extension: (SoundCloud Downloader - Technowise) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2016-06-23] FF Extension: (Adblock Plus) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] FF Extension: (DownThemAll!) 
- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-11-04] FF Extension: (Disable Prefetch) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\features\{15417ee8-7328-4a2d-9322-3acee87b9d52}\disable-prefetch@mozilla.org.xpi [2017-04-04] FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\searchplugins\dudende-suche.xml [2014-09-22] FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\searchplugins\youtube.xml [2014-10-25] FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [ist nicht signiert] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: 
@java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.8\npGoogleUpdate3.dll [2017-04-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.8\npGoogleUpdate3.dll [2017-04-07] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-680370811-642922712-648177064-1005: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.32.8\npGoogleUpdate3.dll [2017-04-07] (Google Inc.) FF Plugin HKU\S-1-5-21-680370811-642922712-648177064-1005: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.32.8\npGoogleUpdate3.dll [2017-04-07] (Google Inc.) 
FF Plugin HKU\S-1-5-21-680370811-642922712-648177064-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [Keine Datei] FF Plugin HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [Keine Datei] FF Plugin HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [Keine Datei] FF Plugin HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [Keine Datei] FF Plugin HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default [2017-04-07] CHR Extension: (Google Slides) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-13] CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-13] CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-14] CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22] CHR Extension: (Google Cast) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-29] CHR Extension: (Adblock Plus) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-29] CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14] CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-18] CHR Extension: (Google Sheets) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-13] CHR Extension: (Avira Browser Safety) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-29] CHR Extension: (Google Docs Offline) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29] CHR Extension: (FirstDraftNewsCheck) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\japockpeaaanknlkhagilkgcledilbfk [2017-02-21] CHR Extension: (RevEye Reverse Image Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\keaaclcjhehbbapnphnmpiklalfhelgf [2016-04-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11] CHR Extension: (Gmail) - 
C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-13] CHR Extension: (Chrome Media Router) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1115552 2017-03-22] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [487432 2017-03-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [487432 2017-03-22] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1519136 2017-03-22] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-11-08] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation) R2 JuniperAccessService; C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [162136 2015-07-28] (Pulse Secure, LLC) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3289448 2016-05-11] (Samsung Electronics Co., Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-03-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-03-03] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-03] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-03] (Avira Operations GmbH & Co. KG) R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN Microelectronic Corp.) R1 jnprns; C:\WINDOWS\system32\DRIVERS\jnprns.sys [507192 2015-07-28] (Juniper Networks) S4 jnprTdi_814_60331; C:\WINDOWS\system32\Drivers\jnprTdi_814_60331.sys [108344 2015-07-28] (Pulse Secure, LLC) S3 jnprva; C:\WINDOWS\System32\drivers\jnprva.sys [30072 2015-07-28] (Juniper Networks, Inc.) R3 JnprVaMgr; C:\WINDOWS\System32\drivers\jnprvamgr.sys [45352 2015-07-28] (Juniper Networks, Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-07] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation) S3 NvnUsbAudio; C:\WINDOWS\system32\DRIVERS\nvnusbaudio.sys [53552 2013-04-30] (Novation DMS Ltd.) R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation) S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [252448 2015-09-25] (QUALCOMM Incorporated) R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [435200 2016-09-03] (Realsil Semiconductor Corporation) R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation) S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) 
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-04-07 18:08 - 2017-04-07 18:08 - 00034720 _____ C:\Users\*****\Downloads\FRST.txt 2017-04-07 17:59 - 2017-04-07 18:08 - 00000000 ____D C:\FRST 2017-04-07 17:58 - 2017-04-07 17:58 - 02424832 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe 2017-04-06 20:10 - 2017-04-07 17:22 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-04-06 20:09 - 2017-04-06 20:09 - 00001167 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2017-04-06 20:09 - 2017-04-06 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2017-04-06 20:09 - 2017-04-06 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-04-06 20:09 - 2017-04-06 20:09 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2017-04-06 20:09 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2017-04-06 20:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2017-04-06 20:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) 
C:\WINDOWS\system32\Drivers\mbam.sys 2017-04-06 20:08 - 2017-04-06 20:09 - 22851472 _____ (Malwarebytes ) C:\Users\*****\Downloads\mbam-setup-2.2.1.1043.exe 2017-04-03 09:07 - 2017-04-03 09:08 - 143465616 _____ C:\Users\*****\Downloads\Palmbomen II - Memories of Cindy Pt. 1.mp4 2017-04-01 13:44 - 2017-04-01 13:44 - 06541981 _____ C:\Users\*****\Downloads\Rebound by ELI ESCOBAR Song Free Music, Listen Now on Myspac.m4a 2017-04-01 13:10 - 2017-04-01 13:11 - 12726560 _____ C:\Users\*****\Downloads\Degrees of Freedom - August is an Angel.mp4 2017-04-01 13:04 - 2017-04-01 13:04 - 24543902 _____ C:\Users\*****\Downloads\August Is An Angel - Degrees of Freedom - Montreal 1985.mp4 2017-03-31 16:45 - 2017-03-31 16:47 - 81146658 _____ C:\Users\*****\Downloads\Woman mp3s.zip 2017-03-31 16:07 - 2017-03-31 16:07 - 03203236 _____ C:\Users\*****\Downloads\Bestaetgungen GVL_032017.pdf 2017-03-29 08:46 - 2017-03-29 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2017-03-25 05:23 - 2017-03-25 05:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-03-21 18:24 - 2017-04-05 13:50 - 00000000 ____D C:\Users\*****\Desktop\co pop 2017-03-19 22:44 - 2017-03-19 22:44 - 00000279 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk 2017-03-18 15:01 - 2017-03-29 08:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-03-18 14:52 - 2017-03-18 14:53 - 00000000 ____D C:\Users\*****\Downloads\cool_faac-1.28-2.7 2017-03-16 11:50 - 2017-03-16 11:51 - 00038498 _____ C:\Users\*****\Desktop\Tabs 16.03.17.txt 2017-03-16 10:41 - 2017-03-16 10:41 - 00000000 ____D C:\874bf333a0cc20d98246ae31724cdb72 2017-03-09 13:30 - 2017-03-09 13:40 - 54812245 _____ C:\Users\*****\Downloads\Primal Scream - Come Together.rar ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-04-07 18:03 - 2017-01-22 02:25 - 00000000 ____D C:\Users\*****\AppData\Local\CrashDumps 2017-04-07 18:03 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2017-04-07 18:01 - 2015-03-30 22:45 - 00000000 ____D C:\Users\*****\Downloads\Neuer Ordner 2017-04-07 17:55 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-04-07 17:50 - 2016-11-19 16:56 - 00000000 ____D C:\Users\*****\AppData\LocalLow\Mozilla 2017-04-07 17:21 - 2015-10-28 23:58 - 00001290 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005UA.job 2017-04-07 17:13 - 2014-09-23 22:06 - 00000000 ____D C:\Users\*****\AppData\Local\Spotify 2017-04-07 17:05 - 2014-09-23 22:05 - 00000000 ____D C:\Users\*****\AppData\Roaming\Spotify 2017-04-07 16:10 - 2014-07-07 13:05 - 00000958 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1002UA.job 2017-04-07 15:30 - 2015-11-19 22:37 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005UA 2017-04-07 15:30 - 2015-11-19 22:37 - 00003630 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005Core 2017-04-07 15:29 - 2015-05-13 20:20 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-04-07 15:29 - 2015-05-13 20:20 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-04-07 15:26 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2017-04-07 15:26 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-04-07 15:22 - 2014-10-16 10:45 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox 2017-04-06 21:19 - 2015-09-06 15:31 - 00001616 _____ C:\Users\*****\Desktop\Musik Shops.txt 2017-04-06 20:54 - 2015-11-08 22:32 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-04-06 20:54 - 2015-10-30 20:35 - 00777804 _____ C:\WINDOWS\system32\perfh007.dat 2017-04-06 20:54 - 2015-10-30 20:35 - 00156080 _____ C:\WINDOWS\system32\perfc007.dat 
2017-04-06 17:26 - 2017-01-21 22:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\PioneerLog 2017-04-06 17:11 - 2014-10-16 10:47 - 00000000 ___RD C:\Users\*****\Dropbox 2017-04-06 13:10 - 2014-07-07 13:05 - 00000936 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1002Core.job 2017-04-06 12:02 - 2014-11-08 20:26 - 00000000 ____D C:\Users\*****\Desktop\WDR 2017-04-06 10:21 - 2015-10-28 23:58 - 00001238 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005Core.job 2017-04-06 09:28 - 2013-06-04 02:52 - 00000000 ____D C:\ProgramData\WinClon 2017-04-06 09:25 - 2015-11-08 22:34 - 00000000 __SHD C:\Users\*****\IntelGraphicsProfiles 2017-04-05 23:01 - 2015-05-13 20:20 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-04-05 21:40 - 2014-10-15 20:14 - 00000000 ____D C:\Users\*****\AppData\Roaming\Mp3tag 2017-04-05 20:42 - 2017-02-15 22:26 - 00000000 ___SD C:\Users\*****\LANDR Bounces 2017-04-03 20:29 - 2015-08-27 21:57 - 00000000 ____D C:\Users\*****\Desktop\Neue Alben 2017-03-31 16:39 - 2016-04-12 18:32 - 00000000 ____D C:\Users\*****\Desktop\Jakarta Records 2017-03-30 14:35 - 2015-01-01 17:44 - 00000000 ____D C:\Users\*****\Desktop\Tickets & Quittungen 2017-03-30 12:48 - 2015-02-08 22:32 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc 2017-03-22 14:58 - 2014-09-22 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2017-03-22 14:57 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2017-03-21 10:04 - 2013-06-04 01:53 - 00000000 ____D C:\ProgramData\Package Cache 2017-03-20 21:35 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2017-03-19 12:59 - 2015-06-27 13:00 - 00006879 _____ C:\Users\*****\Desktop\Downloads.txt 2017-03-18 14:56 - 2015-04-03 16:48 - 00000000 ____D C:\Users\*****\Desktop\Abhöre 2017-03-17 17:24 - 2015-10-28 23:58 - 00000000 ____D C:\Users\*****\AppData\Local\Dropbox 
2017-03-17 13:46 - 2014-01-23 18:52 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-03-17 13:45 - 2014-01-23 18:52 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-03-17 13:44 - 2014-08-27 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-03-17 13:44 - 2014-08-27 11:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-03-17 13:44 - 2014-08-27 11:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-03-16 19:18 - 2016-01-03 21:10 - 00000000 ____D C:\Users\*****\AppData\Roaming\AccurateRip 2017-03-16 15:18 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-03-14 20:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-03-14 20:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-03-14 20:48 - 2014-09-22 22:06 - 00004440 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-03-10 06:42 - 2015-10-30 09:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-03-10 06:42 - 2015-10-30 09:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-03-08 19:26 - 2016-10-11 09:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-03-08 13:47 - 2014-09-22 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-09-22 20:23 - 2014-09-22 20:23 - 0000000 _____ () C:\Users\*****\AppData\Roaming\AbsoluteReminder.xml 2016-06-08 16:48 - 2016-06-08 16:48 - 0001522 _____ () C:\Users\*****\AppData\Local\recently-used.xbel 2017-03-15 11:18 - 2017-04-07 17:51 - 0010486 _____ () C:\ProgramData\Coinstaller.log 2015-12-05 14:04 - 2015-12-05 14:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-06-04 02:56 - 2013-02-19 09:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe 2013-06-04 02:56 - 2013-01-12 16:51 - 
0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-30 14:40

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von ***** (07-04-2017 18:08:33)
Gestartet von C:\Users\*****\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-05 12:14:10)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-680370811-642922712-648177064-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-680370811-642922712-648177064-503 - Limited - Disabled)
Gast (S-1-5-21-680370811-642922712-648177064-501 - Limited - Disabled)
***** (S-1-5-21-680370811-642922712-648177064-1005 - Administrator - Enabled) => C:\Users\*****

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Ableton Live 9 Trial (HKLM-x32\...\{611B40BC-7070-4946-BCC1-5AADF140DC04}) (Version: 9.0.0.0 - Ableton) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated) Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated) Amazon Music (HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Amazon Amazon Music) (Version: 5.0.4.1562 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 5.0.4.1562 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Amazon Amazon Music) (Version: 5.0.4.1562 - Amazon Services LLC) AMD Catalyst Install Manager (HKLM\...\{9043E92C-183C-7633-0237-96CE00F5C909}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-Bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG) Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) 
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform) ChromecastApp (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.) ChromecastApp (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.) DSL Soforthilfe (HKLM-x32\...\DSL Soforthilfe) (Version: 1.1.0.51 - Telefónica Germany GmbH & Co. OHG) ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.4.19695 - Landesfinanzdirektion Thüringen) E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.) Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.) 
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff) f.lux (HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Flux) (Version: - ) f.lux (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Flux) (Version: - ) f.lux (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Flux) (Version: - ) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{87d45b7e-19da-4dd5-9214-5e0d587c312f}) (Version: 15.6.1 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) IntelliMemory 
(HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies) iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Kentucky Route Zero (HKLM\...\Steam App 231200) (Version: - Cardboard Computer) LANDR (HKLM-x32\...\{948e168c-6622-44e2-9a3e-046a147156bc}) (Version: 1.5.1.0 - LANDR Audio) LANDR (x32 Version: 1.5.1.0 - LANDR Audio) Hidden LibreOffice 5.2.4.2 (HKLM-x32\...\{70E9A143-18EB-4FAB-B020-E3854B12202C}) (Version: 5.2.4.2 - The Document Foundation) Livestream Producer (HKLM-x32\...\{D7CA2C8B-6A7C-4D50-B8BD-7FE28868C3E7}) (Version: 1.0.13 - Livestream) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 
9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft 
Corporation) Hidden Mozilla Firefox 52.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 de)) (Version: 52.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla) Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla) Mp3tag v2.78 (HKLM-x32\...\Mp3tag) (Version: v2.78 - Florian Heidenreich) o2 Surfstick (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project) OEM Application Profile (HKLM-x32\...\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}) (Version: 1.00.0004 - Advanced Micro Devices, Inc.) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 2.0.0.21 - RSUPPORT) Pioneer CDJXDJ Driver (HKLM-x32\...\Pioneer CDJXDJ) (Version: 1.500.000.000 - Pioneer DJ Corporation.) Pioneer MIX 64bit Driver (HKLM\...\Pioneer MIX) (Version: 4.3.0.0020 - Pioneer DJ Corporation.) PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) 
Hidden Pulse Secure (Version: 5.1.60331 - Pulse Secure, LLC) Hidden Pulse Secure 5.1 (HKLM-x32\...\Pulse Secure 5.1) (Version: 5.1.60331 - Pulse Secure, LLC) Pulse Secure Setup Client (HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Juniper_Setup_Client) (Version: 8.1.4.60331 - Pulse Secure, LLC) Pulse Secure Setup Client (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Juniper_Setup_Client) (Version: 8.1.4.60331 - Pulse Secure, LLC) Pulse Secure Setup Client (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Juniper_Setup_Client) (Version: 8.1.4.60331 - Pulse Secure, LLC) Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) Pulse Secure Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.1.0.3 - Samsung Electronics CO., LTD.) rekordbox 4.3.0 64bit (HKLM\...\Pioneer rekordbox 4.3.0) (Version: 4.3.0.0020 - Pioneer DJ) S Agent (Version: 1.1.58 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) 
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden Samsung Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.) Samsung Update (HKLM-x32\...\{0BC4AC38-E7C5-4394-A6BD-32CDCE2C8B9D}) (Version: 2.2.36 - Samsung Electronics Co., Ltd.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.) Serato DJ (HKLM-x32\...\{752e27a0-7ce7-48a1-8579-a9e1bfd7b4f0}) (Version: 1.9.1.4046 - ) Serato DJ (x32 Version: 1.9.1.4046 - Serato) Hidden SideSync (HKLM-x32\...\{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}) (Version: 2.0.0 - Samsung Electronics CO., LTD.) Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB) Spotify (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB) Spotify (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB) SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.4700 - DTS, Inc.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) System Requirements Lab Detection (HKLM-x32\...\{FFE05956-090B-4413-A158-B0CFF0682259}) (Version: 6.1.6.0 - Husdawg, LLC) Tomahawk (HKLM-x32\...\Tomahawk) (Version: 0.8.4 - Tomahawk-player.org) Unity Web Player (HKU\S-1-5-21-680370811-642922712-648177064-1005\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS) User Guide (HKLM-x32\...\{491C3106-0333-4CC0-8085-7F82065FBFA4}) (Version: 1.3.00 - Samsung Electronics CO., LTD.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Winamp Essentials Pack (HKLM-x32\...\Winamp Essentials Pack) (Version: v5.58 - Christoph Grether) Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows-Treiberpaket - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.) WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) Wisdom-soft AutoScreenRecorder 3.1 Free (HKLM-x32\...\Wisdom-soft AutoScreenRecorder 3.1 Free) (Version: - Wisdom Software Inc.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {09EE975B-6109-4777-8F56-162EE42FB31A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005Core => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {144F991F-932B-49F9-BB9D-A4B938ACBA68} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {27BBDC66-C96A-4B26-B757-49B14EBC517C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-28] (Realtek Semiconductor)
Task: {30E131EE-2E03-45DC-B962-450076A11EC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-13] (Google Inc.)
Task: {32E585D9-CB35-498A-8EFC-2E2E658241F6} - System32\Tasks\{3F1DAE92-97A5-457B-98B1-403FFC84C462} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.21.0.104&LastError=404
Task: {47F435FA-EAA8-43F9-92EF-EE3F4A34800A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {530F2EBB-2FB2-4C94-80F9-4074BE11DED1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {54177C0D-5862-4304-B987-1AD7AF6A9623} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {5B5FA4A8-FF47-49CF-BD03-7E3ABA7DE9F8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {5B95929C-2D53-4652-86FB-B8664276011B} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2016-02-24] (Samsung Electronics Co., Ltd.)
Task: {626471A4-9E6A-40B4-BDF1-8082117E2BAB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {657C683B-C354-4995-9FAD-E6A63231B58F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-19] (Google Inc.)
Task: {76BE747F-16DA-4E8D-A06E-605EAE78880D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {82A501BD-5965-49DC-81D7-0AA63532893F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {85400368-1794-463E-8258-2D1EDF6DD61B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-13] (Google Inc.)
Task: {8FAA6FA3-1DA8-41FE-8174-62E71208A013} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2015-06-19] (Samsung Electronics CO., LTD.)
Task: {A1033642-680C-4E50-A5BB-B74CE1F5E71A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005UA => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {A482930A-3BC5-4675-9EA0-D18648D77705} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {AA4103FC-7A78-416D-94B7-162F62D0A8FE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1002Core => C:\Users\kiosk\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {ACC3DACB-BCF1-4751-880D-2CE72ACEFC92} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2016-07-05] (SEC)
Task: {AF9A16E2-9B2A-4E0E-B009-CBEEE3597583} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {B134A9E6-1863-4F8F-BF72-35F1BB85092B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1002UA => C:\Users\kiosk\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {B2625808-A19A-425F-B615-08861CC24AA8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B65A0B99-E485-43A7-92C1-A9A06EA4709F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {C7C0511F-011F-463B-833B-F02A6FD95970} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CFEA2F61-DFEE-4320-90EC-2ECA1389BB99} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {DBDC6064-F9F8-459E-A392-7A99FA3EE93F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {DBEEC956-843B-445B-A0C1-2158B77BDBAC} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()
Task: {E87C45A2-B475-409B-A795-7D6C1554605B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {E9891AB9-29D9-4C1A-8868-00A890E9DDF9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {EE688FA0-ACCF-4C19-84C2-4CEC2E2312F7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F64C4AE0-863E-4870-9E8F-1297322E8FAA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-03-17] (Microsoft Corporation)
Task: {F6E9B348-A3AC-4B52-AFBC-59E8DBFC88B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {FA846DA5-F2CC-4876-8ADC-0939126BF150} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-19] (Google Inc.)
Task: {FC311588-D2C8-419F-9117-027969650628} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {FDF75EFA-569A-4ECA-B93E-19F17C1BC762} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005Core.job => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005UA.job => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1002Core.job => C:\Users\kiosk\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1002UA.job => C:\Users\kiosk\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe 2016-12-06 09:17 - 2016-10-25 11:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-06 09:17 - 2016-10-25 11:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-12-18 09:22 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-12 22:52 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-12-06 09:20 - 2016-10-25 09:01 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2016-12-06 09:17 - 2016-10-25 06:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-12-06 09:17 - 2016-10-25 06:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-12-06 09:17 - 2016-10-25 06:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-12-06 09:17 - 2016-10-25 06:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-04-19 08:30 - 2016-04-19 08:30 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2017-03-14 12:33 - 2017-03-14 12:33 - 03879424 _____ () C:\Program 
Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe 2015-06-19 15:55 - 2015-06-19 15:55 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 01272128 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsAPI.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2017-03-20 11:57 - 2017-03-20 11:57 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2016-04-19 08:30 - 2016-04-19 08:30 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 08:30 - 2016-04-19 08:30 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2017-03-20 11:57 - 2017-03-20 11:57 - 00148664 _____ () C:\Program Files (x86)\Evernote\Evernote\zlibwapi.dll 2017-03-20 11:57 - 2017-03-20 11:57 - 26137272 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll 2017-03-20 11:57 - 2017-03-20 11:57 - 
00212664 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll 2017-03-20 11:10 - 2017-03-20 11:10 - 00740352 _____ () C:\Program Files (x86)\Evernote\Evernote\libglesv2.dll 2017-03-20 11:10 - 2017-03-20 11:10 - 00130048 _____ () C:\Program Files (x86)\Evernote\Evernote\libegl.dll 2017-03-25 05:23 - 2017-03-21 20:06 - 00842560 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll 2015-12-13 04:04 - 2017-02-28 22:49 - 00035792 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2015-12-13 04:04 - 2017-02-28 22:49 - 00100296 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2015-12-13 04:04 - 2017-02-28 22:49 - 00018888 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\select.pyd 2015-12-13 04:04 - 2017-03-21 20:10 - 00019776 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2017-03-25 05:23 - 2017-03-21 20:09 - 00020824 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2015-12-13 04:04 - 2017-02-28 22:50 - 00123856 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2015-12-13 04:04 - 2017-02-28 22:49 - 00694224 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2017-03-25 05:23 - 2017-03-21 20:09 - 01729360 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2017-03-25 05:23 - 2017-03-21 20:09 - 00020816 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2017-03-25 05:23 - 2017-02-28 22:49 - 00145864 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2017-03-25 05:23 - 2017-02-28 22:50 - 00019408 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2017-03-25 05:23 - 2017-02-28 22:49 - 00116688 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2015-12-13 04:04 - 2017-02-28 22:52 - 00105928 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32api.pyd 
2016-08-06 04:09 - 2017-03-21 20:10 - 00022864 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd 2017-03-25 05:23 - 2017-03-21 20:09 - 00060736 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2017-03-25 05:23 - 2017-03-21 20:09 - 00038712 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\fastpath.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00024528 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32event.pyd 2017-03-25 05:23 - 2017-02-28 22:49 - 00392656 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2017-03-25 05:23 - 2017-02-28 22:52 - 00020936 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00116176 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32security.pyd 2015-12-13 04:04 - 2017-03-21 20:10 - 00392512 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00124880 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-08-06 04:09 - 2017-03-21 20:10 - 00026456 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00024016 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00175560 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32gui.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00030160 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00043472 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32process.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00048592 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32service.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00057808 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00024016 _____ () 
C:\Users\*****\AppData\Roaming\Dropbox\bin\win32profile.pyd 2017-03-25 05:23 - 2017-03-21 20:09 - 00246608 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2017-03-25 05:23 - 2017-03-21 20:09 - 00027488 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-08-06 04:09 - 2017-02-28 22:51 - 00241104 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\_jpegtran.pyd 2017-03-25 05:23 - 2017-03-21 20:09 - 00022336 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2015-12-13 04:04 - 2017-03-21 20:10 - 00025432 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00028616 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32ts.pyd 2017-03-25 05:23 - 2017-03-21 20:10 - 01826104 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2015-12-13 04:04 - 2017-02-28 22:50 - 00083912 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\sip.pyd 2017-03-25 05:23 - 2017-03-21 20:10 - 01972024 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2017-03-25 05:23 - 2017-03-21 20:10 - 03928896 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2017-03-25 05:23 - 2017-03-21 20:10 - 00531264 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2017-02-28 14:23 - 2017-03-21 20:10 - 00053072 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd 2017-03-25 05:23 - 2017-03-21 20:10 - 00133432 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2017-03-25 05:23 - 2017-03-21 20:10 - 00224064 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2017-03-25 05:23 - 2017-03-21 20:10 - 00207680 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2017-01-20 22:23 - 2017-03-21 20:10 - 00022864 _____ () 
C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd 2016-04-15 11:06 - 2017-03-21 20:10 - 00069968 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd 2017-01-20 22:23 - 2017-03-21 20:10 - 00022872 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-01-20 22:23 - 2017-03-21 20:10 - 00021848 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd 2017-01-20 22:23 - 2017-03-21 20:10 - 00022872 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00349128 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2017-03-25 05:23 - 2017-03-21 20:10 - 00103232 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd 2016-02-20 18:11 - 2017-03-21 20:10 - 00023896 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2017-03-25 05:23 - 2017-03-21 20:09 - 00025936 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2017-03-25 05:23 - 2017-02-28 22:47 - 00036296 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\librsync.dll 2017-03-25 05:23 - 2017-03-21 20:09 - 00033112 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd 2017-03-25 05:23 - 2017-03-11 01:17 - 00293392 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll 2017-03-25 05:23 - 2017-03-21 20:09 - 00084288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2016-07-09 12:05 - 2017-03-21 20:10 - 00030536 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd 2017-03-25 05:23 - 2017-02-28 22:56 - 00017864 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libEGL.dll 2017-03-25 05:23 - 2017-02-28 22:56 - 01631184 _____ () 
C:\Users\*****\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2017-03-25 05:23 - 2017-03-21 20:10 - 00042816 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd 2017-03-25 05:23 - 2017-03-21 20:10 - 00171336 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd 2017-03-25 05:23 - 2017-03-21 20:10 - 00357688 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2015-12-13 04:04 - 2017-02-28 22:52 - 00060880 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32print.pyd 2016-08-06 04:09 - 2017-03-21 20:10 - 00026456 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-03-25 05:23 - 2017-03-21 20:10 - 00546104 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2010-05-25 10:40 - 2010-05-25 10:40 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wav.dll 2005-09-14 21:08 - 2005-09-14 21:08 - 00031232 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wav.trb 2009-04-28 22:20 - 2009-04-28 22:20 - 00084480 _____ () C:\Program Files (x86)\Winamp\Plugins\read_file.dll 2010-06-01 17:29 - 2010-06-01 17:29 - 00224768 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wv.dll 2013-12-13 04:47 - 2013-12-13 04:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac 2010-06-25 22:03 - 2010-06-25 22:03 - 00077312 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_find_on_disk.dll 2010-06-17 18:59 - 2010-06-17 18:59 - 00084992 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_skinmanager.dll 2010-04-07 12:31 - 2010-04-07 12:31 - 00036864 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_undo.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-680370811-642922712-648177064-1005\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPortF0acA7"
HKLM\...\StartupApproved\Run32: => "DSL Soforthilfe"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-680370811-642922712-648177064-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Skype"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte ========================= ==================== Fehlerhafte Geräte im 
Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (04/07/2017 06:03:15 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-680370811-642922712-648177064-1005}/">. Error: (04/07/2017 05:54:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (04/07/2017 05:43:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NP730U3E-X04DE) Description: Bei der Aktivierung der App „Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (04/07/2017 04:25:39 PM) (Source: System Restore) (EventID: 8211) (User: ) Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x8004231f). Error: (04/07/2017 04:25:39 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x8004231f). Error: (04/07/2017 04:25:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. 
System Error: Zugriff verweigert . Error: (04/07/2017 04:24:42 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (04/07/2017 03:55:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NP730U3E-X04DE) Description: Bei der Aktivierung der App „Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (04/07/2017 03:18:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NP730U3E-X04DE) Description: Bei der Aktivierung der App „Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (04/07/2017 03:18:31 PM) (Source: ATIeRecord) (EventID: 16391) (User: ) Description: ATI EEU maximum number of session has been surpassed Systemfehler: ============= Error: (04/07/2017 06:03:19 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (04/07/2017 05:55:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Kumulatives Update für Windows 10 Version 1511 für x64-basierte Systeme (KB4013198) Error: (04/07/2017 03:27:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x87af000d fehlgeschlagen: Microsoft People Error: (04/07/2017 03:21:33 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (04/07/2017 03:18:56 PM) (Source: bowser) (EventID: 8016) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2" zum Namen "NP730U3E-X04DE" auf Transport "NetBT_Tcpip_{739BAFAD-F725-464B-B239-CFCC34AB7A50}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (04/06/2017 08:56:26 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (04/06/2017 07:36:00 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (04/06/2017 06:52:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070070 fehlgeschlagen: Kumulatives Update für Windows 10 Version 1511 für x64-basierte Systeme (KB4013198) Error: (04/06/2017 03:20:11 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (04/06/2017 09:28:47 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. CodeIntegrity: =================================== Date: 2017-03-18 12:26:34.502 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-02-23 08:44:16.021 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-19 14:34:34.880 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-12 13:26:59.659 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2017-01-12 03:06:50.651 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-11 23:29:53.423 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-17 07:15:06.800 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-16 12:15:06.345 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-15 08:52:13.271 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-06 19:26:25.636 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz Prozentuale Nutzung des RAM: 72% Installierter physikalischer RAM: 3980.51 MB Verfügbarer physikalischer RAM: 1083.4 MB Summe virtueller Speicher: 5789.79 MB Verfügbarer virtueller Speicher: 1285.76 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:212.82 GB) (Free:0.92 GB) NTFS Drive d: () (Removable) (Total:14.73 GB) (Free:14.73 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 1933A963) Partition: GPT. ======================================================== Disk: 1 (Size: 14.7 GB) (Disk ID: 8F2DAC46) Partition 1: (Not Active) - (Size=14.7 GB) - (Type=0B) ==================== Ende von Addition.txt ============================ |
08.04.2017, 15:58 | #2 |
/// TB Trainer | Windows 10: USB stick folders shown as shortcuts My name is Matthias and I will help you clean up your computer. To make the cleanup as effective and quick as possible, please observe the following notes:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! Step 1 Download & instructions
Step 2
Please post with your next reply
|
08.04.2017, 23:39 | #3 |
| Update Hey dear Matthias,
thanks for your quick reply! I had some time this morning, read through the forum and carried out a few steps and scans that were the same in all similar cases. The problem seems to be fixed, but I'm not sure; this is where I need your advice as an expert. First, an overview of what I did; some scanners found nothing, and for the others I'm attaching the logs:
1) Panda USB Vaccine: computer and USB stick vaccinated.
2) Malwarebytes Anti Malware: nothing found.
3) adwCleaner: one finding, deleted, log follows.
4) JRT: nothing found.
5) ESET: several findings, all deleted, log follows.
Do you need another FRST log at this point? Many thanks Simon adwCleaner Code:
ATTFilter # AdwCleaner v6.045 - Bericht erstellt am 08/04/2017 um 13:59:03 # Aktualisiert am 28/03/2017 von Malwarebytes # Datenbank : 2017-04-06.1 [Server] # Betriebssystem : Windows 10 Home (X64) # Benutzername : ***** - NP730U3E-X04DE # Gestartet von : C:\Users\*****\Desktop\Kampf gegen den Virus\AdwCleaner_6.045.exe # Modus: Löschen # Unterstützung : https://www.malwarebytes.com/support ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** [-] Datei gelöscht: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\invalidprefs.js ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** ************************* :: "Tracing" Schlüssel gelöscht :: Winsock Einstellungen zurückgesetzt :: Proxy Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [1092 Bytes] - [08/04/2017 13:59:03] C:\AdwCleaner\AdwCleaner[S0].txt - [1462 Bytes] - [08/04/2017 13:58:17] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1238 Bytes] ########## Code:
ATTFilter C:\Users\*****\AppData\Local\Temp\SysinfY2X.db VBS/Agent.NJS Wurm Gesäubert durch Löschen D:\Manuel.doc VBS/Agent.NJS Wurm Gesäubert durch Löschen D:\Neuer Ordner.lnk LNK/Agent.DO Trojaner Gesäubert durch Löschen D:\System Volume Information.lnk LNK/Agent.DO Trojaner Gesäubert durch Löschen D:\PIONEER.lnk LNK/Agent.DO Trojaner Gesäubert durch Löschen D:\AUTORUN.INF.lnk LNK/Agent.DO Trojaner Gesäubert durch Löschen D:\AUTORUN_.INF.lnk LNK/Agent.DO Trojaner Gesäubert durch Löschen |
09.04.2017, 10:35 | #4 |
/// TB Trainer | Windows 10: USB stick folders shown as shortcuts Hi, please don't get me wrong: as far as I'm concerned, you can do whatever you want with your PC. For all I care, you can run 100 different programs over it on your own. But I do wonder why you open a thread and ask for help at all if you're going to do whatever you think is right anyway? Following my notes (especially 2 and 4) doesn't seem to interest you much. So I suspect we shouldn't waste any more of our time in this thread, should we? |
10.04.2017, 10:58 | #5 |
| Windows 10: USB stick folders shown as shortcuts Hey Matthias, I'm sorry. I was impatient, was afraid the problem would get worse, and acted hastily without waiting for your answer. And, something I didn't put clearly enough in my first reply: I'm very grateful that you answered me right away on the weekend. Since I broke the rules, I can absolutely understand if you want to close the thread at this point. One further question remains open for me: Avira is my standard antivirus, and it is always running. Their website has information on both pieces of malware that hit my computer this time; they are also fairly old already. However, the scanner did not raise an alert either in the background or on an explicit scan command. Is that normal? Best regards & thanks again Simon |
10.04.2017, 19:27 | #6 | |
/// TB Trainer | Windows 10: USB stick folders shown as shortcuts Hi, Quote:
One last attempt on my part:
|
12.04.2017, 21:45 | #7 |
| Windows 10: USB stick folders shown as shortcuts Hey Matthias, thank you for your feedback and for trying again. Here is the first log; the second comes in a separate reply because it is too long. FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 durchgeführt von ***** (Administrator) auf NP730U3E-X04DE (12-04-2017 22:35:49) Gestartet von C:\Users\*****\Desktop\Kampf gegen den Virus Geladene Profile: ***** (Verfügbare Profile: *****) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Flux Software LLC) C:\Users\*****\AppData\Local\FluxSoftware\Flux\flux.exe (Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_148.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_148.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Spotify.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [909744 2017-03-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-03-16] (Apple Inc.) HKLM-x32\...\Run: [CheckNDISPortF0acA7] => C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe [419072 2013-05-10] () HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe [446720 2013-05-10] () HKLM-x32\...\Run: [DSL Soforthilfe] => C:\Program Files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe [20585888 2013-11-21] () HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH) HKLM-x32\...\Run: [PulseSecure] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2826584 2015-07-28] (Pulse Secure, LLC) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [Amazon Music] => C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe [3464680 2016-11-16] () HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [Dropbox Update] => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-12] (Google Inc.) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [f.lux] => C:\Users\*****\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [Spotify Web Helper] => C:\Users\*****\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-03] (Spotify Ltd) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd) HKU\S-1-5-21-680370811-642922712-648177064-1005\...\MountPoints2: {5ee60eeb-ec88-11e5-bf55-b4b676c88fd8} - "D:\AutoRun.exe" ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-11-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{739bafad-f725-464b-b239-cfcc34ab7a50}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b47d9a86-7cdb-48fe-955f-fae754c6dd05}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-680370811-642922712-648177064-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKU\S-1-5-21-680370811-642922712-648177064-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default [2017-04-12]
FF Homepage: Mozilla\Firefox\Profiles\zy2zji0a.default -> hxxps://www.maschinenring.de/wetter.html#/mrWetter=ewogICJsb2NhdGlvbiI6ICI1MDY3NCBLw7ZsbiAoREUpIgp9/
FF Session Restore: Mozilla\Firefox\Profiles\zy2zji0a.default -> ist aktiviert.
FF Extension: (OneTab) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\extension@one-tab.com.xpi [2017-01-24]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\firefox@zenmate.com.xpi [2016-09-29]
FF Extension: (HTTPS Everywhere) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\https-everywhere-eff@eff.org.xpi [2017-04-07]
FF Extension: (Pocket) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\isreaditlater@ideashower.com [2015-06-02]
FF Extension: (Privacy Badger) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2017-03-29]
FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2017-03-31]
FF Extension: (WOT) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-11]
FF Extension: (Video DownloadHelper) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-31]
FF Extension: (SoundCloud Downloader - Technowise) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2016-06-23]
FF Extension: (Adblock Plus) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (DownThemAll!) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-11-04]
FF Extension: (Disable Prefetch) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\features\{15417ee8-7328-4a2d-9322-3acee87b9d52}\disable-prefetch@mozilla.org.xpi [2017-04-04]
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\searchplugins\dudende-suche.xml [2014-09-22]
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zy2zji0a.default\searchplugins\youtube.xml [2014-10-25]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-680370811-642922712-648177064-1005: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-680370811-642922712-648177064-1005: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-680370811-642922712-648177064-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default [2017-04-12]
CHR Extension: (Google Slides) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-13]
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-13]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-14]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Google Cast) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-29]
CHR Extension: (Adblock Plus) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-29]
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-18]
CHR Extension: (Google Sheets) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-13]
CHR Extension: (Avira Browser Safety) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (FirstDraftNewsCheck) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\japockpeaaanknlkhagilkgcledilbfk [2017-02-21]
CHR Extension: (RevEye Reverse Image Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\keaaclcjhehbbapnphnmpiklalfhelgf [2016-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-13]
CHR Extension: (Chrome Media Router) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1115552 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [487432 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [487432 2017-03-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1519136 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-11-08] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 JuniperAccessService; C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [162136 2015-07-28] (Pulse Secure, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3289448 2016-05-11] (Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24856 2017-03-04] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-03] (Avira Operations GmbH & Co. KG)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN Microelectronic Corp.)
R1 jnprns; C:\WINDOWS\system32\DRIVERS\jnprns.sys [507192 2015-07-28] (Juniper Networks)
S4 jnprTdi_814_60331; C:\WINDOWS\system32\Drivers\jnprTdi_814_60331.sys [108344 2015-07-28] (Pulse Secure, LLC)
S3 jnprva; C:\WINDOWS\System32\drivers\jnprva.sys [30072 2015-07-28] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\WINDOWS\System32\drivers\jnprvamgr.sys [45352 2015-07-28] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
S3 NvnUsbAudio; C:\WINDOWS\system32\DRIVERS\nvnusbaudio.sys [53552 2013-04-30] (Novation DMS Ltd.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [252448 2015-09-25] (QUALCOMM Incorporated)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [435200 2016-09-03] (Realsil Semiconductor Corporation)
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-04-11 12:10 - 2017-04-11 12:10 - 59110966 _____ C:\Users\*****\Downloads\Denk ich an Deutschland in der Nacht (Trailer).mp4 2017-04-10 18:55 - 2017-04-10 18:56 - 00000000 ____D C:\WINDOWS\Panther 2017-04-09 00:12 - 2017-03-04 09:39 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-04-09 00:12 - 2017-03-04 09:39 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2017-04-09 00:12 - 2017-03-04 09:29 - 00535088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2017-04-09 00:12 - 2017-03-04 09:12 - 00987488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2017-04-09 00:12 - 2017-03-04 08:43 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2017-04-09 00:12 - 2017-03-04 08:41 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2017-04-09 00:12 - 2017-03-04 08:41 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2017-04-09 00:12 - 2017-03-04 08:41 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2017-04-09 00:12 - 2017-03-04 08:41 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2017-04-09 00:12 - 2017-03-04 08:41 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2017-04-09 00:12 - 2017-03-04 08:40 - 01349640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2017-04-09 00:12 - 2017-03-04 08:40 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2017-04-09 00:12 - 2017-03-04 08:40 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2017-04-09 00:12 - 2017-03-04 08:34 - 01824272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2017-04-09 00:12 - 2017-03-04 08:33 - 02942536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-04-09 00:12 - 2017-03-04 08:33 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-04-09 00:12 - 2017-03-04 08:30 - 00465760 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2017-04-09 00:12 - 2017-03-04 08:29 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-04-09 00:12 - 2017-03-04 08:29 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-04-09 00:12 - 2017-03-04 08:29 - 04075184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-04-09 00:12 - 2017-03-04 08:29 - 00836752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2017-04-09 00:12 - 2017-03-04 08:29 - 00569752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2017-04-09 00:12 - 2017-03-04 08:25 - 00268040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2017-04-09 00:12 - 2017-03-04 07:58 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2017-04-09 00:12 - 2017-03-04 07:27 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2017-04-09 00:12 - 2017-03-04 07:19 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll 2017-04-09 00:12 - 2017-03-04 07:16 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2017-04-09 00:12 - 2017-03-04 07:16 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll 2017-04-09 00:12 - 2017-03-04 07:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2017-04-09 00:12 - 2017-03-04 07:06 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2017-04-09 00:12 - 2017-03-04 07:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2017-04-09 00:12 - 2017-03-04 07:03 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2017-04-09 00:12 - 2017-03-04 06:57 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp 2017-04-09 00:12 - 2017-03-04 06:56 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll 2017-04-09 00:12 - 2017-03-04 06:51 - 
00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll 2017-04-09 00:12 - 2017-03-04 06:47 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll 2017-04-09 00:12 - 2017-03-04 06:45 - 00395776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll 2017-04-09 00:12 - 2017-03-04 06:45 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2017-04-09 00:12 - 2017-03-04 06:45 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll 2017-04-09 00:12 - 2017-03-04 06:42 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2017-04-09 00:12 - 2017-03-04 06:42 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2017-04-09 00:12 - 2017-03-04 06:37 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll 2017-04-09 00:12 - 2017-03-04 06:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2017-04-09 00:12 - 2017-03-04 06:33 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2017-04-09 00:12 - 2017-03-04 06:33 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2017-04-09 00:12 - 2017-03-04 06:33 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll 2017-04-09 00:12 - 2017-03-04 06:33 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll 2017-04-09 00:12 - 2017-03-04 06:33 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll 2017-04-09 00:12 - 2017-03-04 06:32 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2017-04-09 00:12 - 2017-03-04 06:32 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll 2017-04-09 00:12 - 2017-03-04 06:31 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2017-04-09 00:12 - 2017-03-04 06:31 - 00372224 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2017-04-09 00:12 - 2017-03-04 06:30 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-04-09 00:12 - 2017-03-04 06:29 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2017-04-09 00:12 - 2017-03-04 06:29 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll 2017-04-09 00:12 - 2017-03-04 06:28 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2017-04-09 00:12 - 2017-03-04 06:27 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll 2017-04-09 00:12 - 2017-03-04 06:26 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2017-04-09 00:12 - 2017-03-04 06:25 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2017-04-09 00:12 - 2017-03-04 06:25 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-04-09 00:12 - 2017-03-04 06:24 - 02578432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll 2017-04-09 00:12 - 2017-03-04 06:24 - 00885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2017-04-09 00:12 - 2017-03-04 06:24 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2017-04-09 00:12 - 2017-03-04 06:23 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2017-04-09 00:12 - 2017-03-04 06:22 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-04-09 00:12 - 2017-03-04 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2017-04-09 00:12 - 2017-03-04 06:21 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-04-09 00:12 - 2017-03-04 06:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe 2017-04-09 00:12 - 2017-03-04 06:19 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2017-04-09 
00:12 - 2017-03-04 06:18 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll 2017-04-09 00:12 - 2017-03-04 06:14 - 00581632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll 2017-04-09 00:12 - 2017-03-04 06:08 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll 2017-04-09 00:12 - 2017-03-04 06:07 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-04-09 00:12 - 2017-03-04 06:07 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2017-04-09 00:12 - 2017-03-04 06:07 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2017-04-09 00:12 - 2017-03-04 06:00 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-04-09 00:12 - 2017-03-04 05:59 - 01626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2017-04-09 00:12 - 2017-03-04 05:57 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-04-09 00:12 - 2017-03-04 05:57 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2017-04-09 00:12 - 2017-03-04 05:55 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2017-04-09 00:12 - 2017-03-04 05:54 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2017-04-09 00:12 - 2017-03-04 05:54 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2017-04-09 00:12 - 2017-03-04 05:52 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2017-04-09 00:12 - 2017-03-04 05:52 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2017-04-09 00:12 - 2017-03-04 05:51 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-04-09 00:12 - 2017-03-04 05:51 - 09921024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-04-09 00:12 - 2017-03-04 05:44 - 05205504 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\BingMaps.dll 2017-04-09 00:12 - 2017-03-04 05:41 - 04404736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2017-04-09 00:12 - 2017-03-04 05:38 - 02519552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll 2017-04-09 00:12 - 2017-03-04 05:36 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2017-04-09 00:12 - 2017-03-04 05:35 - 05326336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-04-09 00:12 - 2017-03-04 05:35 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2017-04-09 00:12 - 2017-03-04 05:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll 2017-04-09 00:12 - 2017-03-04 05:31 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2017-04-09 00:12 - 2017-03-04 05:31 - 02062336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2017-04-09 00:12 - 2017-03-04 05:31 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2017-04-09 00:12 - 2017-03-04 05:30 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2017-04-09 00:12 - 2017-03-04 05:29 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll 2017-04-09 00:12 - 2017-03-04 05:03 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-04-09 00:11 - 2017-03-04 10:01 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2017-04-09 00:11 - 2017-03-04 09:54 - 00989528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2017-04-09 00:11 - 2017-03-04 09:27 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2017-04-09 00:11 - 2017-03-04 09:18 - 01554152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2017-04-09 00:11 - 2017-03-04 09:18 - 01552104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2017-04-09 00:11 - 2017-03-04 09:12 - 00808288 
_____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-04-08 16:06 - 2017-04-08 16:06 - 00000000 ____D C:\Users\*****\Downloads\Komonovari64 2017-04-08 14:09 - 2017-04-08 14:09 - 00000000 ____D C:\Program Files 
(x86)\ESET 2017-04-08 14:04 - 2017-04-08 14:04 - 00000556 _____ C:\Users\*****\Desktop\JRT.txt 2017-04-08 13:55 - 2017-04-08 14:01 - 00000000 ____D C:\AdwCleaner 2017-04-08 11:40 - 2017-04-08 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-04-08 11:40 - 2017-04-08 11:40 - 00000000 ____D C:\Program Files\iTunes 2017-04-08 11:40 - 2017-04-08 11:40 - 00000000 ____D C:\Program Files\iPod 2017-04-08 11:36 - 2017-04-08 11:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2017-04-08 11:36 - 2017-04-08 11:36 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2017-04-08 01:22 - 2017-04-08 01:22 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-04-07 18:15 - 2017-04-09 09:33 - 00000000 ____D C:\Users\*****\Desktop\Kampf gegen den Virus 2017-04-07 17:59 - 2017-04-12 22:35 - 00000000 ____D C:\FRST 2017-04-06 20:10 - 2017-04-12 22:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-04-06 20:09 - 2017-04-06 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2017-04-06 20:09 - 2017-04-06 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-04-06 20:09 - 2017-04-06 20:09 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2017-04-06 20:09 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2017-04-06 20:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2017-04-06 20:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-04-03 09:07 - 2017-04-03 09:08 - 143465616 _____ C:\Users\*****\Downloads\Palmbomen II - Memories of Cindy Pt. 
1.mp4 2017-04-01 13:44 - 2017-04-01 13:44 - 06541981 _____ C:\Users\*****\Downloads\Rebound by ELI ESCOBAR Song Free Music, Listen Now on Myspac.m4a 2017-04-01 13:10 - 2017-04-01 13:11 - 12726560 _____ C:\Users\*****\Downloads\Degrees of Freedom - August is an Angel.mp4 2017-04-01 13:04 - 2017-04-01 13:04 - 24543902 _____ C:\Users\*****\Downloads\August Is An Angel - Degrees of Freedom - Montreal 1985.mp4 2017-03-31 16:45 - 2017-03-31 16:47 - 81146658 _____ C:\Users\*****\Downloads\Woman mp3s.zip 2017-03-31 16:07 - 2017-03-31 16:07 - 03203236 _____ C:\Users\*****\Downloads\Bestaetgungen GVL_032017.pdf 2017-03-29 08:46 - 2017-03-29 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2017-03-21 18:24 - 2017-04-12 18:16 - 00000000 ____D C:\Users\*****\Desktop\co pop 2017-03-19 22:44 - 2017-03-19 22:44 - 00000279 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk 2017-03-18 15:01 - 2017-04-08 11:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-03-18 14:52 - 2017-03-18 14:53 - 00000000 ____D C:\Users\*****\Downloads\cool_faac-1.28-2.7 2017-03-16 11:50 - 2017-03-16 11:51 - 00038498 _____ C:\Users\*****\Desktop\Tabs 16.03.17.txt 2017-03-16 10:41 - 2017-03-16 10:41 - 00000000 ____D C:\874bf333a0cc20d98246ae31724cdb72 ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-04-12 22:32 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-04-12 22:21 - 2015-10-28 23:58 - 00001290 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005UA.job 2017-04-12 22:10 - 2014-07-07 13:05 - 00000958 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1002UA.job 2017-04-12 21:47 - 2014-09-23 22:06 - 00000000 ____D C:\Users\*****\AppData\Local\Spotify 2017-04-12 21:47 - 2014-09-23 22:05 - 00000000 ____D C:\Users\*****\AppData\Roaming\Spotify 2017-04-12 21:46 - 2015-11-08 22:32 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-04-12 21:46 - 2015-10-30 20:35 - 00777804 _____ C:\WINDOWS\system32\perfh007.dat 2017-04-12 21:46 - 2015-10-30 20:35 - 00156080 _____ C:\WINDOWS\system32\perfc007.dat 2017-04-12 21:46 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2017-04-12 21:44 - 2013-06-04 02:52 - 00000000 ____D C:\ProgramData\WinClon 2017-04-12 21:41 - 2016-11-19 16:56 - 00000000 ____D C:\Users\*****\AppData\LocalLow\Mozilla 2017-04-12 21:40 - 2015-12-05 14:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-04-12 21:40 - 2015-11-08 22:34 - 00000000 __SHD C:\Users\*****\IntelGraphicsProfiles 2017-04-12 18:19 - 2015-10-30 08:28 - 03932160 ___SH C:\WINDOWS\system32\config\BBI 2017-04-12 13:10 - 2014-07-07 13:05 - 00000936 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1002Core.job 2017-04-12 11:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-04-12 11:09 - 2015-11-19 22:37 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005UA 2017-04-12 11:09 - 2015-11-19 22:37 - 00003630 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005Core 2017-04-12 10:54 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2017-04-11 19:01 - 2015-05-13 20:20 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 
2017-04-11 19:01 - 2015-05-13 20:20 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-04-11 10:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-04-11 10:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-04-11 10:48 - 2014-09-22 22:06 - 00004440 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-04-11 10:21 - 2015-10-28 23:58 - 00001238 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005Core.job 2017-04-10 20:37 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache 2017-04-10 19:09 - 2014-10-15 20:14 - 00000000 ____D C:\Users\*****\AppData\Roaming\Mp3tag 2017-04-09 10:25 - 2017-01-21 22:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\PioneerLog 2017-04-09 10:10 - 2017-01-22 02:25 - 00000000 ____D C:\Users\*****\AppData\Local\CrashDumps 2017-04-09 09:44 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-04-09 09:32 - 2015-09-10 07:37 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-04-09 09:20 - 2015-12-05 14:03 - 00342624 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-04-09 01:20 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-04-09 01:20 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow 2017-04-09 01:20 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-04-09 01:20 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2017-04-09 01:20 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning 2017-04-09 01:20 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-04-09 01:20 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Defender 2017-04-09 01:20 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-04-09 01:20 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2017-04-09 01:20 - 2015-10-30 08:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2017-04-08 15:48 - 
2015-04-03 16:48 - 00000000 ____D C:\Users\*****\Desktop\Abhöre 2017-04-08 13:58 - 2017-01-02 19:38 - 00000008 __RSH C:\ProgramData\ntuser.pol 2017-04-08 11:40 - 2015-02-16 12:34 - 00000000 ____D C:\Program Files\Common Files\Apple 2017-04-08 11:36 - 2014-09-22 20:45 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-04-08 11:29 - 2016-10-11 09:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-04-08 11:29 - 2014-09-22 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-04-08 11:29 - 2014-08-27 11:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-04-08 11:29 - 2014-08-27 11:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-04-08 01:22 - 2014-10-16 10:45 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox 2017-04-07 21:24 - 2015-08-27 21:57 - 00000000 ____D C:\Users\*****\Desktop\Neue Alben 2017-04-07 20:22 - 2014-10-16 10:47 - 00000000 ___RD C:\Users\*****\Dropbox 2017-04-07 18:01 - 2015-03-30 22:45 - 00000000 ____D C:\Users\*****\Downloads\Neuer Ordner 2017-04-06 21:19 - 2015-09-06 15:31 - 00001616 _____ C:\Users\*****\Desktop\Musik Shops.txt 2017-04-06 12:02 - 2014-11-08 20:26 - 00000000 ____D C:\Users\*****\Desktop\WDR 2017-04-05 23:01 - 2015-05-13 20:20 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-04-05 20:42 - 2017-02-15 22:26 - 00000000 ___SD C:\Users\*****\LANDR Bounces 2017-03-31 16:39 - 2016-04-12 18:32 - 00000000 ____D C:\Users\*****\Desktop\Jakarta Records 2017-03-30 14:35 - 2015-01-01 17:44 - 00000000 ____D C:\Users\*****\Desktop\Tickets & Quittungen 2017-03-30 12:48 - 2015-02-08 22:32 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc 2017-03-22 14:58 - 2014-09-22 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2017-03-22 14:57 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2017-03-21 10:04 - 2013-06-04 01:53 - 00000000 
____D C:\ProgramData\Package Cache 2017-03-20 21:35 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2017-03-19 12:59 - 2015-06-27 13:00 - 00006879 _____ C:\Users\*****\Desktop\Downloads.txt 2017-03-17 17:24 - 2015-10-28 23:58 - 00000000 ____D C:\Users\*****\AppData\Local\Dropbox 2017-03-17 13:46 - 2014-01-23 18:52 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-03-17 13:45 - 2014-01-23 18:52 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-03-17 13:44 - 2014-08-27 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-03-16 19:18 - 2016-01-03 21:10 - 00000000 ____D C:\Users\*****\AppData\Roaming\AccurateRip 2017-03-16 15:18 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-09-22 20:23 - 2014-09-22 20:23 - 0000000 _____ () C:\Users\*****\AppData\Roaming\AbsoluteReminder.xml 2016-06-08 16:48 - 2016-06-08 16:48 - 0001522 _____ () C:\Users\*****\AppData\Local\recently-used.xbel 2017-03-15 11:18 - 2017-04-12 21:45 - 0014896 _____ () C:\ProgramData\Coinstaller.log 2015-12-05 14:04 - 2015-12-05 14:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-06-04 02:56 - 2013-02-19 09:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe 2013-06-04 02:56 - 2013-01-12 16:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-04-10 10:46

==================== Ende von FRST.txt ============================
12.04.2017, 21:46 | #8 |
| Windows 10: USB stick folders shown as shortcuts
Here is the second one: Addition

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von ***** (12-04-2017 22:36:30)
Gestartet von C:\Users\*****\Desktop\Kampf gegen den Virus
Windows 10 Home Version 1511 (X64) (2015-12-05 12:14:10)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-680370811-642922712-648177064-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-680370811-642922712-648177064-503 - Limited - Disabled)
Gast (S-1-5-21-680370811-642922712-648177064-501 - Limited - Disabled)
***** (S-1-5-21-680370811-642922712-648177064-1005 - Administrator - Enabled) => C:\Users\*****

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Ableton Live 9 Trial (HKLM-x32\...\{611B40BC-7070-4946-BCC1-5AADF140DC04}) (Version: 9.0.0.0 - Ableton) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated) Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated) Amazon Music (HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Amazon Amazon Music) (Version: 5.0.4.1562 - Amazon Services LLC) AMD Catalyst Install Manager (HKLM\...\{9043E92C-183C-7633-0237-96CE00F5C909}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-Bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.) Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG) Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Dropbox) (Version: 23.4.18 - Dropbox, Inc.) DSL Soforthilfe (HKLM-x32\...\DSL Soforthilfe) (Version: 1.1.0.51 - Telefónica Germany GmbH & Co. 
OHG) ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.4.19695 - Landesfinanzdirektion Thüringen) E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.) Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff) f.lux (HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Flux) (Version: - ) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.) 
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{87d45b7e-19da-4dd5-9214-5e0d587c312f}) (Version: 15.6.1 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies) iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.) 
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Kentucky Route Zero (HKLM\...\Steam App 231200) (Version: - Cardboard Computer) LANDR (HKLM-x32\...\{948e168c-6622-44e2-9a3e-046a147156bc}) (Version: 1.5.1.0 - LANDR Audio) LANDR (x32 Version: 1.5.1.0 - LANDR Audio) Hidden LibreOffice 5.2.4.2 (HKLM-x32\...\{70E9A143-18EB-4FAB-B020-E3854B12202C}) (Version: 5.2.4.2 - The Document Foundation) Livestream Producer (HKLM-x32\...\{D7CA2C8B-6A7C-4D50-B8BD-7FE28868C3E7}) (Version: 1.0.13 - Livestream) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 52.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 de)) (Version: 52.0.2 - Mozilla) Mozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla) Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla) Mp3tag v2.78 (HKLM-x32\...\Mp3tag) (Version: v2.78 - Florian Heidenreich) o2 Surfstick (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project) OEM Application Profile (HKLM-x32\...\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}) (Version: 1.00.0004 - Advanced Micro Devices, Inc.) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 2.0.0.21 - RSUPPORT) Pioneer CDJXDJ Driver (HKLM-x32\...\Pioneer CDJXDJ) (Version: 1.500.000.000 - Pioneer DJ Corporation.) Pioneer MIX 64bit Driver (HKLM\...\Pioneer MIX) (Version: 4.3.0.0020 - Pioneer DJ Corporation.) PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Pulse Secure (Version: 5.1.60331 - Pulse Secure, LLC) Hidden Pulse Secure 5.1 (HKLM-x32\...\Pulse Secure 5.1) (Version: 5.1.60331 - Pulse Secure, LLC) Pulse Secure Setup Client (HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Juniper_Setup_Client) (Version: 8.1.4.60331 - Pulse Secure, LLC) Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) Pulse Secure Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) 
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.1.0.3 - Samsung Electronics CO., LTD.) rekordbox 4.3.0 64bit (HKLM\...\Pioneer rekordbox 4.3.0) (Version: 4.3.0.0020 - Pioneer DJ) S Agent (Version: 1.1.58 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden Samsung Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.) Samsung Update (HKLM-x32\...\{0BC4AC38-E7C5-4394-A6BD-32CDCE2C8B9D}) (Version: 2.2.36 - Samsung Electronics Co., Ltd.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.) Serato DJ (HKLM-x32\...\{752e27a0-7ce7-48a1-8579-a9e1bfd7b4f0}) (Version: 1.9.1.4046 - ) Serato DJ (x32 Version: 1.9.1.4046 - Serato) Hidden SideSync (HKLM-x32\...\{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}) (Version: 2.0.0 - Samsung Electronics CO., LTD.) Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-680370811-642922712-648177064-1005\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB) SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.4700 - DTS, Inc.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) System Requirements Lab Detection (HKLM-x32\...\{FFE05956-090B-4413-A158-B0CFF0682259}) (Version: 6.1.6.0 - Husdawg, LLC) Tomahawk (HKLM-x32\...\Tomahawk) (Version: 0.8.4 - Tomahawk-player.org) Unity Web Player (HKU\S-1-5-21-680370811-642922712-648177064-1005\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS) User Guide (HKLM-x32\...\{491C3106-0333-4CC0-8085-7F82065FBFA4}) (Version: 1.3.00 - Samsung Electronics CO., LTD.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Winamp Essentials Pack (HKLM-x32\...\Winamp Essentials Pack) (Version: v5.58 - Christoph Grether) Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows-Treiberpaket - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.) WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) Wisdom-soft AutoScreenRecorder 3.1 Free (HKLM-x32\...\Wisdom-soft AutoScreenRecorder 3.1 Free) (Version: - Wisdom Software Inc.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-680370811-642922712-648177064-1005_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {09EE975B-6109-4777-8F56-162EE42FB31A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005Core => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {144F991F-932B-49F9-BB9D-A4B938ACBA68} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {27BBDC66-C96A-4B26-B757-49B14EBC517C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-28] (Realtek Semiconductor) Task: {30E131EE-2E03-45DC-B962-450076A11EC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-13] (Google Inc.) 
Task: {32E585D9-CB35-498A-8EFC-2E2E658241F6} - System32\Tasks\{3F1DAE92-97A5-457B-98B1-403FFC84C462} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.21.0.104&LastError=404 Task: {47F435FA-EAA8-43F9-92EF-EE3F4A34800A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {530F2EBB-2FB2-4C94-80F9-4074BE11DED1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {54177C0D-5862-4304-B987-1AD7AF6A9623} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {5B5FA4A8-FF47-49CF-BD03-7E3ABA7DE9F8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {5B95929C-2D53-4652-86FB-B8664276011B} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2016-02-24] (Samsung Electronics Co., Ltd.) Task: {626471A4-9E6A-40B4-BDF1-8082117E2BAB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {657C683B-C354-4995-9FAD-E6A63231B58F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-19] (Google Inc.) Task: {6E7A39BE-4BEF-4B83-9C4D-02ADDD179A38} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) Task: {76BE747F-16DA-4E8D-A06E-605EAE78880D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {82A501BD-5965-49DC-81D7-0AA63532893F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated) Task: {85400368-1794-463E-8258-2D1EDF6DD61B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-13] (Google Inc.) 
Task: {8FAA6FA3-1DA8-41FE-8174-62E71208A013} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2015-06-19] (Samsung Electronics CO., LTD.) Task: {A1033642-680C-4E50-A5BB-B74CE1F5E71A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005UA => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {A482930A-3BC5-4675-9EA0-D18648D77705} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {AA4103FC-7A78-416D-94B7-162F62D0A8FE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1002Core => C:\Users\kiosk\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {ACC3DACB-BCF1-4751-880D-2CE72ACEFC92} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2016-07-05] (SEC) Task: {AF9A16E2-9B2A-4E0E-B009-CBEEE3597583} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {B134A9E6-1863-4F8F-BF72-35F1BB85092B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1002UA => C:\Users\kiosk\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {B65A0B99-E485-43A7-92C1-A9A06EA4709F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {C7C0511F-011F-463B-833B-F02A6FD95970} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {CFEA2F61-DFEE-4320-90EC-2ECA1389BB99} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {DBDC6064-F9F8-459E-A392-7A99FA3EE93F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {DBEEC956-843B-445B-A0C1-2158B77BDBAC} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] () Task: {E87C45A2-B475-409B-A795-7D6C1554605B} - 
System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {E9891AB9-29D9-4C1A-8868-00A890E9DDF9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {EE688FA0-ACCF-4C19-84C2-4CEC2E2312F7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {F64C4AE0-863E-4870-9E8F-1297322E8FAA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-03-17] (Microsoft Corporation) Task: {F6E9B348-A3AC-4B52-AFBC-59E8DBFC88B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd) Task: {FA846DA5-F2CC-4876-8ADC-0939126BF150} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-19] (Google Inc.) Task: {FC311588-D2C8-419F-9117-027969650628} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {FDF75EFA-569A-4ECA-B93E-19F17C1BC762} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005Core.job => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1005UA.job => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1002Core.job => C:\Users\kiosk\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-680370811-642922712-648177064-1002UA.job => C:\Users\kiosk\AppData\Local\Facebook\Update\FacebookUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2017-04-09 00:10 - 2017-03-04 07:31 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe 2017-04-09 00:09 - 2017-03-04 10:12 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-04-09 00:09 - 2017-03-04 10:12 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-04-19 08:30 - 2016-04-19 08:30 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-12-18 09:22 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-12 22:52 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-12-06 09:20 - 
2016-10-25 09:01 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2017-04-09 00:10 - 2017-03-04 05:19 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-04-09 00:10 - 2017-03-04 05:14 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-04-09 00:10 - 2017-03-04 05:15 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-04-09 00:10 - 2017-03-04 05:17 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 01272128 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsAPI.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2016-04-19 08:30 - 2016-04-19 08:30 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 08:30 - 2016-04-19 08:30 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00059712 _____ 
() C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2015-06-19 15:55 - 2015-06-19 15:55 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2017-03-20 11:57 - 2017-03-20 11:57 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2017-03-20 11:57 - 2017-03-20 11:57 - 00148664 _____ () C:\Program Files (x86)\Evernote\Evernote\zlibwapi.dll 2017-03-20 11:57 - 2017-03-20 11:57 - 26137272 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll 2017-03-20 11:57 - 2017-03-20 11:57 - 00212664 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll 2017-03-20 11:10 - 2017-03-20 11:10 - 00740352 _____ () C:\Program Files (x86)\Evernote\Evernote\libglesv2.dll 2017-03-20 11:10 - 2017-03-20 11:10 - 00130048 _____ () C:\Program Files (x86)\Evernote\Evernote\libegl.dll 2015-03-13 01:00 - 2017-04-03 19:32 - 67725936 _____ () C:\Users\*****\AppData\Roaming\Spotify\libcef.dll 2015-03-13 01:00 - 2017-04-03 19:32 - 01929840 _____ () C:\Users\*****\AppData\Roaming\Spotify\libglesv2.dll 2015-03-13 01:00 - 2017-04-03 19:32 - 00087152 _____ () C:\Users\*****\AppData\Roaming\Spotify\libegl.dll 2010-05-25 10:40 - 2010-05-25 10:40 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wav.dll 2005-09-14 21:08 - 2005-09-14 21:08 - 00031232 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wav.trb 2009-04-28 22:20 - 2009-04-28 22:20 - 00084480 _____ () C:\Program Files (x86)\Winamp\Plugins\read_file.dll 2010-06-01 17:29 - 2010-06-01 17:29 - 00224768 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wv.dll 2013-12-13 04:47 - 2013-12-13 04:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac 2010-06-25 22:03 - 2010-06-25 22:03 - 00077312 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_find_on_disk.dll 2010-06-17 18:59 - 2010-06-17 18:59 - 00084992 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_skinmanager.dll 2010-04-07 12:31 - 2010-04-07 12:31 - 00036864 _____ 
() C:\Program Files (x86)\Winamp\Plugins\gen_undo.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-680370811-642922712-648177064-1005\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPortF0acA7"
HKLM\...\StartupApproved\Run32: => "DSL Soforthilfe"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-680370811-642922712-648177064-1005\...\StartupApproved\Run: => "Skype"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{E8557183-47FC-4D7D-96E8-0F2BFCA250FC}] => (Block) C:\users\*****\downloads\broforce_windows_2015_november_17\windows\broforce_beta.exe FirewallRules: [{64A5660C-048F-4325-98CC-356EAECB60C0}] => (Block) C:\users\*****\downloads\broforce_windows_2015_november_17\windows\broforce_beta.exe FirewallRules: [UDP Query User{09656955-470D-44C4-8D05-42ACDFCC237D}C:\users\*****\downloads\broforce_windows_2015_november_17\windows\broforce_beta.exe] => (Allow) C:\users\*****\downloads\broforce_windows_2015_november_17\windows\broforce_beta.exe FirewallRules: [TCP Query User{17F057EF-4F27-45AC-86AD-F0A85B9F7EF4}C:\users\*****\downloads\broforce_windows_2015_november_17\windows\broforce_beta.exe] => (Allow) C:\users\*****\downloads\broforce_windows_2015_november_17\windows\broforce_beta.exe FirewallRules: [UDP Query User{4B0BE795-39C7-4EA6-BCCF-479C4A67E1D2}C:\program files (x86)\steam\steamapps\common\rainbow six vegas\binaries\r6vegas_launcher.exe] => (Block) C:\program files (x86)\steam\steamapps\common\rainbow six vegas\binaries\r6vegas_launcher.exe FirewallRules: [TCP Query User{D6D1EA87-2DFA-4155-A32A-6528956980BA}C:\program files (x86)\steam\steamapps\common\rainbow six vegas\binaries\r6vegas_launcher.exe] => (Block) C:\program files (x86)\steam\steamapps\common\rainbow six vegas\binaries\r6vegas_launcher.exe FirewallRules: [{85557EB1-C0A4-4BFC-8472-F37877C3A56E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rainbow Six Vegas\Binaries\runme.exe FirewallRules: [{1AA9E9B7-F83D-4A71-A1EF-D25C7F7C327E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rainbow Six Vegas\Binaries\runme.exe FirewallRules: [{F71BE0FF-4D4D-4152-AEE5-F222186E9ACF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{683087AA-90F3-411A-896B-FD2F1FFB7798}] => (Allow) LPort=1900 FirewallRules: [{8CE191E3-A8AE-4CEC-A8F9-2E8E0B1EDAD9}] => (Allow) LPort=2869 FirewallRules: 
[{2AD55660-0050-467B-B2B1-4A4A61AAEB1D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{5275BAF6-CD64-4E96-94BF-F6CC2E4EC21D}] => (Allow) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe FirewallRules: [{F2040106-887C-47B9-B968-A370EFD1BB76}] => (Allow) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe FirewallRules: [{9D61094E-ED39-4A82-8338-40C5C4D3411E}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [TCP Query User{B3B6D94E-1612-440C-B1AD-203C5D91D1EA}C:\users\*****\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*****\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{47914F57-3365-4185-B864-209C1D863A9F}C:\users\*****\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*****\appdata\roaming\spotify\spotify.exe FirewallRules: [{67329E70-1C8B-4B5B-88FF-B59C21CF3D95}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A94BFD88-1A38-4F47-8165-C68468B4BF27}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{67B23FA4-C433-4E9D-9DA0-7634583F52F5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{DA40C1DB-10B2-470C-BA83-4A8A6823E5EE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E6B328AC-A306-4527-941E-8B576ECE19C1}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{21FD4A13-1299-43CD-8562-087988B461ED}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [TCP Query User{AE7EEEDA-6D34-42A3-B3F0-5D92964FA080}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe FirewallRules: [UDP Query User{615B7EA6-FDE5-41B6-BFE7-03915413ABDF}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft 
auto iv\gtaiv\gtaiv.exe FirewallRules: [{80081036-A4DC-4C1D-BEA9-48A2A7526CE6}] => (Allow) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{11101408-5229-4E90-B86A-24E8D874F91A}] => (Allow) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{6D018BED-C824-426D-9D22-4EDDEEEB2F40}C:\users\*****\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*****\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{997D201D-4A4D-4903-9071-59AA0EA6DD5A}C:\users\*****\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*****\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{445DE35E-4A96-4F67-8F21-1AA6D6A37F70}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{334E7DC0-6420-4BC0-867C-5981912BC8C0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{DB26A79E-1AE3-4125-B8FA-9C4760C6DC33}C:\users\*****\downloads\broforce_beta_windows_2014_december_18\windows\broforce_beta.exe] => (Allow) C:\users\*****\downloads\broforce_beta_windows_2014_december_18\windows\broforce_beta.exe FirewallRules: [UDP Query User{499CE17C-F2A0-487E-B78F-DFE874C63693}C:\users\*****\downloads\broforce_beta_windows_2014_december_18\windows\broforce_beta.exe] => (Allow) C:\users\*****\downloads\broforce_beta_windows_2014_december_18\windows\broforce_beta.exe FirewallRules: [{FE6E2A20-CC5D-4934-8A51-C8311342F2E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FF566D8F-D0D5-4C80-B96C-E375F0979334}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3653484A-4B9F-4EB5-B156-0EA8F71E8D3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B87DE84E-4350-4327-BF9C-0334BC26CBD6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: 
[{8A78F6C7-2EB4-4276-BE20-D0106CC5B6E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{68D97DA4-4C62-460F-85F5-12AA5941526E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{6AECDB0F-724C-4BEE-9EEC-F321698BA642}C:\users\*****\downloads\broforce_beta_windows_2015_march_12\windows\broforce_beta.exe] => (Allow) C:\users\*****\downloads\broforce_beta_windows_2015_march_12\windows\broforce_beta.exe FirewallRules: [UDP Query User{2392465B-23EF-410C-A0B7-A00314E81E68}C:\users\*****\downloads\broforce_beta_windows_2015_march_12\windows\broforce_beta.exe] => (Allow) C:\users\*****\downloads\broforce_beta_windows_2015_march_12\windows\broforce_beta.exe FirewallRules: [{132D1E6E-0485-483B-8D45-601445401DCD}] => (Allow) C:\Program Files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe FirewallRules: [{1B64EADD-0F51-48DC-9585-4A8C268633A9}] => (Allow) C:\Program Files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe FirewallRules: [TCP Query User{5104351D-A295-444A-BDD8-410E603EA7F2}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{4E1A61B2-AF39-4C5D-8D4B-C7635D959BFF}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{1C027A8C-D72D-4900-8E6F-6656F6A02E62}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{5F488F6F-AA2B-44EE-9060-F8258FE8FDD2}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{91F4CC67-D2E3-4EB8-A3C6-9C972114A45B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DC315BA3-E388-47C2-A7D8-DC0F0EAAC5DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: 
[{5C990297-98A8-4D55-A333-5AA0E5EF80D2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{81B12B6F-9483-40D0-B68C-F5CD6E285905}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{8627AFAB-5FB8-419A-9AEA-400C60D2A9F3}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe FirewallRules: [UDP Query User{E14B0A79-E832-440B-80FF-6834ABC8B75C}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe FirewallRules: [{CD7AE0A2-54E5-4C2C-83E8-47164140BC28}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{530012D2-5C10-4C53-A932-B26720DC7D89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{81D51175-7CD0-400D-96A0-DAEA85229A86}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LISA\JOYFUL\Game.exe FirewallRules: [{A21B162C-9763-4480-BC4C-6405F041E350}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LISA\JOYFUL\Game.exe FirewallRules: [TCP Query User{0759A45C-5069-4FB3-B21A-C90A2006BCA6}C:\program files (x86)\tomahawk\tomahawk.exe] => (Allow) C:\program files (x86)\tomahawk\tomahawk.exe FirewallRules: [UDP Query User{337C6954-A082-4F21-9674-2A171E788700}C:\program files (x86)\tomahawk\tomahawk.exe] => (Allow) C:\program files (x86)\tomahawk\tomahawk.exe FirewallRules: [TCP Query User{A80EE07E-2F9B-473B-A072-BDDF43646885}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{9524BFE7-48C1-4B8E-84F2-AFEC214DA960}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{B6000533-5C40-4E28-8E6B-C0F36F11DD48}C:\users\*****\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\*****\appdata\local\amazon music\amazon music helper.exe FirewallRules: [UDP 
Query User{DC1F7B42-A40E-4B11-818E-F7ED78314448}C:\users\*****\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\*****\appdata\local\amazon music\amazon music helper.exe FirewallRules: [{ADCA5ED5-DBE2-400B-80EE-C3FCE7F85337}] => (Block) C:\users\*****\appdata\local\amazon music\amazon music helper.exe FirewallRules: [{6EFA1D01-0415-4F7F-8734-6E1D18A025A0}] => (Block) C:\users\*****\appdata\local\amazon music\amazon music helper.exe FirewallRules: [TCP Query User{30619189-E96F-4404-8229-83082BD153C3}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{3EBBAE9D-95E2-4ABD-A88E-8C01C8F04A81}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe FirewallRules: [{766363C5-E1AB-4E0B-BFB6-AEE9173871EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KentuckyRouteZero\KentuckyRouteZero.exe FirewallRules: [{C2123AA9-4534-4116-9DAA-0F11599767DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KentuckyRouteZero\KentuckyRouteZero.exe FirewallRules: [{1DACA5DA-DC2C-4BFD-B2D6-1EF20BB1CC80}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{31F65E20-3D94-49F5-9DE3-7EB7E02F1A7D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{48A49328-CD70-41A0-9E13-4A4A76EE0BDA}C:\program files\pioneer\rekordbox 4.2.5\psvnfsd.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.5\psvnfsd.exe FirewallRules: [UDP Query User{8A2BBF30-12FB-4894-B4AB-3563EB2704FD}C:\program files\pioneer\rekordbox 4.2.5\psvnfsd.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.5\psvnfsd.exe FirewallRules: [TCP Query User{27C339D4-4CED-44ED-8955-746DC0DA7BD1}C:\program files\pioneer\rekordbox 4.2.5\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.5\psvlinksysmgr.exe FirewallRules: [UDP Query User{01425E94-59B5-47D9-B7E9-E856AB4380BE}C:\program 
files\pioneer\rekordbox 4.2.5\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.5\psvlinksysmgr.exe FirewallRules: [TCP Query User{18670B38-665E-4AAF-B575-C60326933202}C:\program files\pioneer\rekordbox 4.2.5\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.5\rekordbox.exe FirewallRules: [UDP Query User{B85F0B9F-375A-40E4-BEF4-1E9664158FF2}C:\program files\pioneer\rekordbox 4.2.5\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.5\rekordbox.exe FirewallRules: [TCP Query User{A7E1DF20-0B87-48D0-B55F-58E115AD8F20}C:\program files\pioneer\rekordbox 4.3.0\psvnfsd.exe] => (Allow) C:\program files\pioneer\rekordbox 4.3.0\psvnfsd.exe FirewallRules: [UDP Query User{0DB043C3-0DE4-4D88-AA7F-02C3CBC12531}C:\program files\pioneer\rekordbox 4.3.0\psvnfsd.exe] => (Allow) C:\program files\pioneer\rekordbox 4.3.0\psvnfsd.exe FirewallRules: [TCP Query User{4295AD05-CD47-4C87-AE24-3588686C82D4}C:\program files\pioneer\rekordbox 4.3.0\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 4.3.0\psvlinksysmgr.exe FirewallRules: [UDP Query User{F8C446B4-D10B-4E61-8E15-02B55AC4FE66}C:\program files\pioneer\rekordbox 4.3.0\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 4.3.0\psvlinksysmgr.exe FirewallRules: [TCP Query User{C3A3701F-355C-4E1E-A7D9-3B59AA5CB08C}C:\program files\pioneer\rekordbox 4.3.0\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 4.3.0\rekordbox.exe FirewallRules: [UDP Query User{9B3F315A-632F-4DC9-8D4B-0B405DF5686B}C:\program files\pioneer\rekordbox 4.3.0\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 4.3.0\rekordbox.exe FirewallRules: [{9B7EC849-9716-446E-A388-694A4FDE0B3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{FD0F67B9-CC7D-4818-A1B8-A8982183AD12}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Wiederherstellungspunkte ========================= ==================== Fehlerhafte Geräte im 
Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/12/2017 09:55:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NP730U3E-X04DE)
Description: Bei der Aktivierung der App „Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/12/2017 09:40:34 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (04/12/2017 06:18:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EasySettingsCmdServer.exe, Version: 0.0.0.0, Zeitstempel: 0x5583ba20
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.672, Zeitstempel: 0x580efaf8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003c95a
ID des fehlerhaften Prozesses: 0x28d4
Startzeit der fehlerhaften Anwendung: 0x01d2b3a87c2f6f41
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: fafd6dba-94f8-4ff3-8856-f83289329758
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/12/2017 06:18:55 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (04/12/2017 05:49:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NP730U3E-X04DE)
Description: Bei der Aktivierung der App „Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/12/2017 05:15:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NP730U3E-X04DE)
Description: Bei der Aktivierung der App „Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/12/2017 05:14:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NP730U3E-X04DE.local already in use; will try NP730U3E-X04DE-2.local instead

Error: (04/12/2017 05:14:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 NP730U3E-X04DE.local. AAAA FE80:0000:0000:0000:E8D6:3D31:99AA:4308

Error: (04/12/2017 05:14:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:E8D6:3D31:99AA:4308:5353 4 NP730U3E-X04DE.local. Addr 192.168.3.75

Error: (04/12/2017 05:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1141

Systemfehler:
=============
Error: (04/12/2017 10:11:20 PM) (Source: DCOM) (EventID: 10016) (User: NP730U3E-X04DE)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "NP730U3E-X04DE\*****" (SID: S-1-5-21-680370811-642922712-648177064-1005) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (04/12/2017 10:11:20 PM) (Source: DCOM) (EventID: 10016) (User: NP730U3E-X04DE)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "NP730U3E-X04DE\*****" (SID: S-1-5-21-680370811-642922712-648177064-1005) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (04/12/2017 09:44:01 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/12/2017 09:40:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SWUpdateService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden.

Error: (04/12/2017 06:18:59 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{7006698D-2974-4091-A424-85DD0B909E23}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/12/2017 06:18:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_6cdb0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/12/2017 06:18:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _6cdb0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/12/2017 06:18:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_6cdb0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/12/2017 06:18:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_6cdb0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/12/2017 06:17:44 PM) (Source: DCOM) (EventID: 10016) (User: NP730U3E-X04DE)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "NP730U3E-X04DE\*****" (SID: S-1-5-21-680370811-642922712-648177064-1005) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

CodeIntegrity:
===================================
Date: 2017-04-10 10:20:59.408
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-09 09:21:14.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-03-18 12:26:34.502 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-02-23 08:44:16.021 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-19 14:34:34.880 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-12 13:26:59.659 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-12 03:06:50.651 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-11 23:29:53.423 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-17 07:15:06.800 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-16 12:15:06.345 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz Prozentuale Nutzung des RAM: 76% Installierter physikalischer RAM: 3980.51 MB Verfügbarer physikalischer RAM: 940.01 MB Summe virtueller Speicher: 6027.88 MB Verfügbarer virtueller Speicher: 1611.24 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:212.82 GB) (Free:1.61 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 1933A963) Partition: GPT. ==================== Ende von Addition.txt ============================ |
13.04.2017, 13:30 | #9 |
/// TB-Ausbilder | Windows 10: USB stick folders shown as shortcuts Hi, download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
|
14.04.2017, 23:48 | #10 |
| Windows 10: USB stick folders shown as shortcuts Here is the HitmanPro log! The scanner flagged FRST as suspicious and found nothing else. Code:
HitmanPro 3.7.18.284
www.hitmanpro.com

Computer name . . . . : NP730U3E-X04DE
Windows . . . . . . . : 10.0.0.10586.X64/4
User name . . . . . . : NP730U3E-X04DE\*****
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2017-04-15 00:42:25
Scan mode . . . . . . : Normal
Scan duration . . . . : 2m 7s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 1
Objects scanned . . . : 2.440.934
Files scanned . . . . : 97.927
Remnants scanned . . : 748.938 files / 1.594.069 keys

Suspicious files ____________________________________________________________
C:\Users\*****\Desktop\Kampf gegen den Virus\FRST64.exe
Size . . . . . . . : 2.424.832 bytes
Age . . . . . . . : 7.3 days (2017-04-07 17:58:41)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 3A3DCD0D3C9C1FE10C45AF795DC9452DA192246BB67D896AB7F16151A53C1B5F
Needs elevation . : Yes
Fuzzy . . . . . . : 23.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer. |
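The HitmanPro log above scores FRST64.exe at entropy 7.6 and reads that as a sign of encryption, compression or obfuscation. As an added example (not part of the thread and not HitmanPro's code), the Python below computes Shannon entropy in bits per byte and shows that harmless compressed data scores as high as encrypted data, which is why such a hit is a trace to review rather than a verdict; the 7.0 threshold, the helper names and all sample data are assumptions constructed for the example.

```python
import hashlib
import math
import zlib
from collections import Counter

ASSUMED_THRESHOLD = 7.0  # assumption for this example, not HitmanPro's documented cut-off

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for one repeated value, 8.0 for a uniform byte mix."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def block_entropies(data: bytes, block_size: int = 4096) -> list:
    """Entropy of each fixed-size block, showing where the dense regions sit."""
    return [shannon_entropy(data[i:i + block_size])
            for i in range(0, len(data), block_size)]

def keystream(seed: bytes, length: int) -> bytes:
    """Constructed stand-in for encrypted content: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def build_samples() -> dict:
    """Constructed byte strings, not files from the thread."""
    # 2048 lines of hex text: only 17 distinct byte values, so low entropy.
    text = b"".join(hashlib.sha256(b"line %d" % i).hexdigest().encode() + b"\n"
                    for i in range(2048))
    packed = zlib.compress(text, 9)
    return {
        "hex_text": text,
        "zlib_compressed": packed,                   # harmless, yet dense
        "encrypted_like": keystream(b"constructed", 65536),
        "stub_plus_payload": text[:16384] + packed,  # readable start, packed rest
    }

def entropy_report(samples: dict) -> dict:
    """Map sample name -> (entropy rounded to 2 places, flagged by threshold)."""
    return {name: (round(shannon_entropy(blob), 2),
                   shannon_entropy(blob) >= ASSUMED_THRESHOLD)
            for name, blob in samples.items()}

if __name__ == "__main__":
    samples = build_samples()
    for name, (value, flagged) in entropy_report(samples).items():
        print(f"{name:18} {value:5.2f} flagged={flagged}")
    print([round(v, 1) for v in block_entropies(samples["stub_plus_payload"])])
```

The per-block profile of `stub_plus_payload` shows a readable region followed by a dense one, the pattern a self-extracting or packed tool produces whether or not it is malicious.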
15.04.2017, 10:50 | #11 |
/// TB-Ausbilder | Windows 10: USB stick folders shown as shortcuts Hi, I would still format the stick, and that's it. Then we're done! If you no longer have any problems with malware, we are finished here. Your log files are clean. If you like, you can say here whether you were satisfied with me and my help... Perhaps you would like to support the forum with a small donation.

Notes: Please give me brief feedback once everything is done and no questions remain, so that I can remove this topic from my subscriptions. Finally, we need to take a few concluding steps to clean up and secure your PC.

Cleanup
All logs posted? Then please download DelFix.
DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left, you can delete them without hesitation.

Virus scanner + firewall
It should be said up front that the protection a virus scanner offers must never be overestimated! No antivirus program detects 100% of malware. If you are still undecided, use AT MOST ONE of the following antivirus programs with a real-time scanner and an always up-to-date signature database:
Microsoft Security Essentials (MSE) / Windows Defender (WD) has been built in since Windows 8, so if you use Windows 8, 8.1 or 10 and have decided on MSE/WD, you do not need to install MSE/WD separately. On Windows 7, however, it must be installed manually or obtained as an optional update via Windows Update. A legal/activated Windows is of course a prerequisite. Only ever use pure virus scanners (no products with "Suite", "Internet Security", "Endpoint" or "Total Security" in the name, because these bring counterproductive firewalls with them - the Windows Firewall is all that is needed). In addition, you can regularly scan your PC with Malwarebytes Anti-Malware, AdwCleaner and the ESET Online Scanner. These programs are all free and do not interfere with your antivirus program.

Safeguards
With the Windows operating system it is important to enable automatic updates. Security-relevant software should also always be kept at its current version. Installing updates promptly is necessary so that security vulnerabilities are closed. Vulnerabilities are exploited, for example, to install malware via "drive-by" when you simply visit a manipulated website. You need to pay particular attention to keeping the following software up to date - if it is needed at all:

Optional browser extensions

General principles

Further reading:

Backup/image tools
To have meaningful backups, you must regularly (e.g. weekly) create an image on a separate external hard drive. This external drive is connected only when you want to create the backup (or need to restore something); otherwise, for security reasons, it stays safely stored in a cupboard - if only to protect the backups from "encryption trojans". You should decide on one of the following programs and use it to back up your data regularly.

Option 1 - Drivesnapshot
Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64
Download (32-Bit) => http://www.drivesnapshot.de/download/snapshot.exe
Download (64-Bit) => http://www.drivesnapshot.de/download/snapshot64.exe
Screenshots: http://www.drivesnapshot.de/images/startup.png http://www.drivesnapshot.de/images/save3.png

Option 2 - Seagate DiscWizard
Seagate DiscWizard - Download - Filepony
Screenshots: http://filepony.de/screenshot/seagate_discwizard5.jpg http://filepony.de/screenshot/seagate_discwizard4.png http://filepony.de/screenshot/seagate_discwizard3.jpg

Option 3 - Acronis TrueImage WD Edition
Acronis True Image WD Edition - Download - Filepony
Screenshots: http://filepony.de/screenshot/acroni...d_edition1.jpg http://filepony.de/screenshot/acroni...d_edition2.jpg |
15.04.2017, 16:37 | #12 |
| Windows 10: USB stick folders shown as shortcuts Wonderful, that is great news. I have formatted the stick and run DelFix! Many thanks for your help, Matthias, and also for your closing security tips, which I can put to good use! |
16.04.2017, 11:11 | #13 |
/// TB-Ausbilder | Windows 10: USB stick folders shown as shortcuts I'm glad we could help. In this forum you can leave brief feedback on the cleanup, if you wish: Lob, Kritik und Wünsche. To do so, click the "NEUES THEMA" (new topic) button and post a short piece of feedback. Thank you! This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. |