| |
| |||||||
Log-Analyse und Auswertung: Windows 10: Malwarebyte findet Trojan.Agent.BHOWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
24.06.2017, 08:57
| #1 |
 |  Windows 10: Malwarebyte findet Trojan.Agent.BHO Liebes Trojaner Board Team, habe Malwarebytes laufen lassen und er findet Trojan.Agent.BHO. Habe dann auf entfernen gedrückt und der Computer hat neu gestartet, es wurde aber weiterhin gefunden. Ich habe jetzt malwarebyte nochmal als Administrator laufen lassen und die gefundenen Dateien in die Quarantäne verschieben und neu starten lassen. Nun findet er keine Bedohungen mehr. Muss ich jetzt noch was machen ? Die Logs habe ich gespeichert und kann sie gerne bei Bedarf hochladen. r. |
|
24.06.2017, 10:06
| #2 |
| /// TB-Ausbilder   | Windows 10: Malwarebyte findet Trojan.Agent.BHO Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Um die Bereinigung möchlichst effektiv und schnell gestalten zu können, bitte ich um Beachtung der folgenden Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Bitte alle Logs von MBAM nachreichen! Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Schritt 2 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
24.06.2017, 12:49
| #3 |
| | Windows 10: Malwarebyte findet Trojan.Agent.BHO Hallo Matthias,
__________________MBAM nicht als Admin: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 24.06.2017 Suchlaufzeit: 07:08 Protokolldatei: log.txt Administrator: Nein Version: 2.2.1.1043 Malware-Datenbank: v2017.06.24.01 Rootkit-Datenbank: v2017.05.27.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: Benutzername Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 286741 Abgelaufene Zeit: 16 Min., 29 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 42 Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\Msie2gr.bho2gr, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\Msie2gr.bho2gr.1, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Msie2gr.bho2gr, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Msie2gr.bho2gr.1, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Msie2gr.bho2gr, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Msie2gr.bho2gr.1, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4DA2C32A-4195-11D1-A9E1-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\GetRight.Automation, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GetRight.Automation, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\GetRight.Automation, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4DA2C32A-4195-11D1-A9E1-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{73BA8F12-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\Ie2GetRight.Ie2GetRight.1, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\Ie2GetRight.Ie2GetRight, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Ie2GetRight.Ie2GetRight, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Ie2GetRight.Ie2GetRight, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Ie2GetRight.Ie2GetRight.1, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Ie2GetRight.Ie2GetRight.1, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{73BA8F12-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{77BA8F12-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\GRDownloadManager.GRDownloadManager.1, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\GRDownloadManager.GRDownloadManager, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GRDownloadManager.GRDownloadManager, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\GRDownloadManager.GRDownloadManager, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GRDownloadManager.GRDownloadManager.1, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\GRDownloadManager.GRDownloadManager.1, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77BA8F12-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\TYPELIB\{73BA8F02-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\INTERFACE\{73BA8F11-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\INTERFACE\{77BA8F11-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\INTERFACE\{A2A4B797-1DBB-48B2-A4CA-B758CA997A6F}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{73BA8F11-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{77BA8F11-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A2A4B797-1DBB-48B2-A4CA-B758CA997A6F}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{73BA8F11-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{77BA8F11-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A2A4B797-1DBB-48B2-A4CA-B758CA997A6F}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{73BA8F02-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Trojan.Agent.BHO, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{73BA8F02-723E-11D1-A9E2-00403320FCF2}, , [05fc9aa9e4c51d19abcb2c18ad568a76], Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 1 Trojan.Agent.BHO, C:\Program Files (x86)\GetRight\xx2gr.dll, , [05fc9aa9e4c51d19abcb2c18ad568a76], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 24.06.2017 Suchlaufzeit: 09:37 Protokolldatei: log1.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2017.06.24.02 Rootkit-Datenbank: v2017.05.27.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: Terra_Nova Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 390900 Abgelaufene Zeit: 14 Min., 3 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
durchgeführt von Terra_Nova (Administrator) auf TERRA_NOVA-PC (24-06-2017 13:15:45)
Gestartet von C:\Users\Benutzername\Desktop
Geladene Profile: Benutzernamea & Benutzername & (Verfügbare Profile: Benutzernamen & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(STRATO) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 11\ouservice\StarMoneyOnlineUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AO Kaspersky Lab) C:\Users\xxx\Desktop\tdsskiller.exe
(AO Kaspersky Lab) C:\Users\Terra_Nova\AppData\Local\Temp\{82998EBD-E922-40AF-97D2-CB63445F4248}\{D3C4B757-3AC7-4D10-9618-06D7AFFA65E5}.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-06-29] (NVIDIA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [567088 2016-10-14] ()
HKLM-x32\...\Run: [NWEReboot] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [918008 2017-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [421768 2016-04-25] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7382232 2016-10-14] ()
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\Run: [VoipGain] => C:\Program Files (x86)\VoipGain.com\VoipGain\voipgain.exe [23054936 2014-12-13] (VoipGain)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [36547168 2016-04-10] (VoipConnect)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\RunOnce: [Uninstall C:\Users\Terra_Nova\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Terra_Nova\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [VoipGain] => C:\Program Files (x86)\VoipGain.com\VoipGain\voipgain.exe [23054936 2014-12-13] (VoipGain)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [36547168 2016-04-10] (VoipConnect)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Terra_Nova\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Terra_Nova\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\Run: [OV2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe [231784 2013-01-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\RunOnce: [Uninstall C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\RunOnce: [Uninstall C:\Users\xxxAppData\Local\Microsoft\OneDrive\17.3.5892.0626_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {1d46483e-4cf7-11e7-8dfb-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {2574d6c8-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {2574d762-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {2574d79c-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {4ee8ad62-31ce-11e7-8def-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {5fb1e021-71b2-11e6-8dbe-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {a1772a20-e3e2-11e6-8dde-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {b095eec6-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {b095ef46-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {b095ef58-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {dedb0a57-e5f6-11e6-8ddf-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {e04e85cf-0ae9-11e7-8de8-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {e84323e1-3bf2-11e7-8df7-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {e8432568-3bf2-11e7-8df7-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OV2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe [231784 2013-01-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\XXXppData\Local\Microsoft\OneDrive\17.3.5892.0626_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1d46483e-4cf7-11e7-8dfb-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2574d6c8-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2574d762-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2574d79c-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4ee8ad62-31ce-11e7-8def-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5fb1e021-71b2-11e6-8dbe-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a1772a20-e3e2-11e6-8dde-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b095eec6-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b095ef46-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b095ef58-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {dedb0a57-e5f6-11e6-8ddf-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e04e85cf-0ae9-11e7-8de8-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e84323e1-3bf2-11e7-8df7-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e8432568-3bf2-11e7-8df7-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e7690fc1-1796-4cb4-b365-595a25d2511c}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\Benuternamea\AppData\Roaming\Mozilla\Firefox\Profiles\ypuqh6j4.default-1484483457845 [2017-06-05]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-17] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-03-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1244408 2016-10-14] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-11-20] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128432 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1524216 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [374352 2017-05-22] (Avira Operations GmbH & Co. KG)
R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2016-06-20] (Sirrix AG) [Datei ist nicht signiert]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [Datei ist nicht signiert]
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-11-25] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 11 OnlineUpdate; C:\Program Files (x86)\StarMoney 11\ouservice\StarMoneyOnlineUpdate.exe [701040 2017-02-21] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 STRATO HiDrive Service; C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) [Datei ist nicht signiert]
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-04-16] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [167504 2017-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [164824 2017-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [366432 2016-11-20] (Acronis International GmbH)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1267552 2016-11-20] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [193376 2016-11-20] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [601432 2016-11-20] (Acronis International GmbH)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [182480 2016-04-29] (Oracle Corporation)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [279392 2016-09-22] (Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-06-24 13:08 - 2017-06-24 13:08 - 00263448 ____N (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\36757912.sys
2017-06-24 13:07 - 2017-06-24 13:09 - 00078200 _____ C:\TDSSKiller.3.1.0.15_24.06.2017_13.07.55_log.txt
2017-06-24 13:06 - 2017-06-24 13:06 - 04922400 _____ (AO Kaspersky Lab) C:\Users\xxx\Downloads\tdsskiller.exe
2017-06-24 13:06 - 2017-06-24 13:06 - 04922400 _____ (AO Kaspersky Lab) C:\Users\xxx\Desktop\tdsskiller.exe
2017-06-24 13:01 - 2017-06-24 13:16 - 00026668 _____ C:\Users\xx\Desktop\FRST.txt
2017-06-24 13:00 - 2017-06-24 13:15 - 00000000 ____D C:\FRST
2017-06-24 12:59 - 2017-06-24 12:59 - 02439680 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2017-06-23 13:15 - 2017-06-23 13:15 - 01008793 _____ C:\Users\xxx\Downloads\aktuell.pdf
2017-06-17 09:54 - 2017-06-17 09:54 - 01886221 _____ C:\Users\xxx\Downloads\xx.pdf
2017-06-17 09:52 - 2017-06-17 09:52 - 01886221 _____ C:\Users\xxx\Downloads\xxx.pdf
2017-06-17 09:14 - 2017-06-17 09:14 - 00130539 _____ C:\Users\xxx\Downloads\xxx.pdf
2017-06-17 09:11 - 2017-06-17 09:11 - 00308118 _____ C:\Users\xxx\Downloads\xxx.pdf
2017-06-16 07:04 - 2017-06-16 07:03 - 00060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2017-06-15 15:03 - 2017-06-15 15:03 - 00517064 _____ C:\Users\xxx\Downloads\xxx.pdf
2017-06-15 13:53 - 2017-06-15 13:53 - 00047023 _____ C:\Users\xxx\Downloads\xxx.pdf
2017-06-15 01:10 - 2017-06-15 01:10 - 00000000 ____D C:\WINDOWS\Panther
2017-06-14 20:47 - 2017-06-14 20:47 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 20:31 - 2017-06-14 20:32 - 1281774100 _____ C:\Users\xxx\Downloads\Tatort_17.06.11_20-15_ard_90_TVOON_DE.mpg.HD.avi
2017-06-14 19:26 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 19:25 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 19:25 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 19:25 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 19:25 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 19:25 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 19:25 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 19:25 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 19:25 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 19:25 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 19:25 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 19:25 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 19:25 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 19:25 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 19:25 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 19:25 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 19:25 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 19:25 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 19:25 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 19:25 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 19:25 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 19:25 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 19:25 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 19:25 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 19:25 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 19:25 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 19:25 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 19:25 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 19:25 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 19:25 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 19:25 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 19:25 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 19:25 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 19:24 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 19:24 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 19:24 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 19:24 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 19:24 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 19:24 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 19:24 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 19:24 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 19:24 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 19:24 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 19:24 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 19:24 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 19:24 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 19:24 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 19:24 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 19:15 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 19:15 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 19:15 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 19:15 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 19:14 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 19:14 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 19:14 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 19:14 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 19:14 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 19:14 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 19:14 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 19:14 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 19:14 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 19:14 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 19:14 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 19:14 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 19:14 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 19:14 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 19:14 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 19:14 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 19:14 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 19:14 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 19:14 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 19:14 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 19:14 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 19:14 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 19:14 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 19:14 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 19:14 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 19:14 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 19:14 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 19:13 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 19:13 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 19:13 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 19:13 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 19:13 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 19:13 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 19:13 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 19:13 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 19:13 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 19:13 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 19:13 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 19:13 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 19:13 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 19:13 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 19:13 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 19:13 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 19:13 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 19:13 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 19:13 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 19:13 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 19:13 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 19:13 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 19:13 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 19:13 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 19:13 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 19:12 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 19:12 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 19:12 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 19:12 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 19:12 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 19:12 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 19:12 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 19:12 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 19:12 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 19:12 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 19:12 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 19:12 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 19:12 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 19:12 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 19:12 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 19:12 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 19:12 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 19:12 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 19:11 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 19:11 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 19:11 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 19:11 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 19:11 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 19:11 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 19:11 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 19:11 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 19:11 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 19:11 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 19:11 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 19:11 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 19:11 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 19:11 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 19:05 - 2017-06-14 19:06 - 1167375480 _____ C:\Users\xxx\Downloads\xxx.mpg.HD.avi
2017-06-11 17:04 - 2017-06-14 19:47 - 00011672 _____ C:\Users\xxx\Desktop\Unbenannt 1.odt
2017-06-11 16:07 - 2017-06-11 16:08 - 00095582 _____ C:\Users\xxx\Downloads\xxx.pdf
2017-06-11 13:49 - 2017-06-11 13:49 - 00165740 _____ C:\Users\Vxxx\Downloads\FILELOAD
2017-06-10 12:49 - 2017-06-10 12:49 - 00001064 _____ C:\Users\Public\Desktop\HiSuite.lnk
2017-06-10 12:49 - 2017-06-10 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2017-06-10 12:48 - 2017-06-10 12:49 - 00000000 ____D C:\Program Files (x86)\HiSuite
2017-06-10 12:48 - 2017-04-11 04:17 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2017-06-10 12:48 - 2017-04-11 04:17 - 00226560 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2017-06-10 12:48 - 2017-04-11 04:17 - 00127360 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_cdcacm.sys
2017-06-10 12:48 - 2017-04-11 04:17 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2017-06-09 17:25 - 2017-06-09 17:26 - 00766472 _____ C:\Users\xxx\Downloads\Moerderische Nachbarn.epub
2017-05-31 18:01 - 2017-05-31 18:01 - 00000000 ____D C:\Users\xxx\Desktop\IMG_20170521_194740
2017-05-31 18:00 - 2017-05-31 18:00 - 00000000 ____D C:\Users\xxx\AppData\Roaming\WinRAR
2017-05-31 18:00 - 2017-05-31 18:00 - 00000000 ____D C:\Users\xxx\AppData\Roaming\WinRAR
2017-05-31 17:59 - 2017-05-31 18:17 - 00000000 ____D C:\Program Files\WinRAR
2017-05-27 15:24 - 2017-05-27 15:24 - 01509200 _____ C:\Users\xxx\Downloads\Por-andar-vestida-de-hombre--Julio-Csar-Gonzlez-Pags.pdf
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-06-24 12:55 - 2016-11-18 20:01 - 00000000 ____D C:\Users\Benutzername\AppData\LocalLow\Mozilla
2017-06-24 12:55 - 2016-08-06 14:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-24 10:11 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-24 10:03 - 2015-09-27 18:33 - 00000000 ____D C:\Users\Terra_Nova\AppData\Local\Packages
2017-06-24 10:02 - 2016-08-06 14:08 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-24 10:02 - 2016-02-13 19:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-24 09:37 - 2016-05-31 17:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-24 09:33 - 2016-08-31 18:35 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-24 09:33 - 2016-08-06 14:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-24 09:33 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-06-24 09:32 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-06-24 09:30 - 2012-11-18 10:16 - 00000000 ____D C:\Program Files (x86)\GetRight
2017-06-24 07:06 - 2017-01-27 21:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-24 07:06 - 2012-11-24 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-23 13:13 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-23 01:19 - 2017-03-18 14:09 - 00000000 ____D C:\Program Files (x86)\StarMoney 11
2017-06-22 17:54 - 2015-05-12 17:44 - 00000000 ____D C:\Program Files (x86)\StarMoney 10
2017-06-18 18:54 - 2016-08-06 14:15 - 02400870 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-18 18:54 - 2016-07-17 00:51 - 00954776 _____ C:\WINDOWS\system32\perfh007.dat
2017-06-18 18:54 - 2016-07-17 00:51 - 00230828 _____ C:\WINDOWS\system32\perfc007.dat
2017-06-18 13:35 - 2016-08-06 14:53 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-06-18 13:33 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-17 10:39 - 2014-07-04 22:51 - 00000000 ____D C:\Users\xxx\AppData\Roaming\vlc
2017-06-16 07:06 - 2012-10-16 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-16 07:03 - 2016-10-10 18:33 - 00038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-06-16 07:03 - 2013-03-28 20:12 - 00167504 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-06-16 07:03 - 2013-03-28 20:12 - 00164824 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-06-15 15:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 01:11 - 2016-08-06 14:16 - 00000000 ____D C:\Users\xxx
2017-06-15 01:09 - 2016-08-06 14:05 - 00260872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 01:09 - 2012-05-10 17:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 01:09 - 2012-05-10 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 20:47 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 20:47 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 20:47 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 20:04 - 2013-10-11 16:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 19:56 - 2012-05-10 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 19:56 - 2012-04-03 18:28 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 19:55 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-10 20:25 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-10 12:49 - 2016-09-03 10:06 - 00000000 ____D C:\Users\Terra_Nova\AppData\Local\Hisuite
2017-06-05 11:51 - 2017-01-15 14:30 - 00000000 ____D C:\Users\Terra_Nova\AppData\LocalLow\Mozilla
2017-06-05 11:51 - 2016-08-06 14:16 - 00000000 ____D C:\Users\DefaultAppPool
2017-06-05 11:51 - 2012-04-06 13:50 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-05 11:39 - 2015-11-14 13:54 - 00000000 ____D C:\Users\xxx\Downloads\Bücher
2017-06-05 11:31 - 2016-10-09 13:44 - 00000000 ___RD C:\Users\xxx\Downloads\Kurzfilme
2017-06-04 13:37 - 2017-01-01 14:19 - 00000000 ____D C:\Users\xxx\Documents\korAccount
2017-06-04 13:37 - 2016-04-29 16:53 - 00000000 ____D C:\Users\xxx\AppData\Local\ElevatedDiagnostics
2017-06-04 13:37 - 2012-04-01 14:57 - 00000000 ____D C:\Users\xxx\AppData\Roaming\korAccount
2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-02 21:42 - 2014-08-01 22:52 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-06-02 21:40 - 2016-08-06 14:16 - 00000000 ____D C:\Users\Terra_Nova
2017-05-31 18:08 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\registration
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-06-16 16:38
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
durchgeführt von Benuternamea (24-06-2017 13:16:31)
Gestartet von C:\Users\Benutzername\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-06 13:34:27)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1972467013-2157606943-3240702937-500 - Administrator - Disabled)
BitBox (S-1-5-21-1972467013-2157606943-3240702937-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-1972467013-2157606943-3240702937-503 - Limited - Disabled)
Gast (S-1-5-21-1972467013-2157606943-3240702937-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1972467013-2157606943-3240702937-1002 - Limited - Enabled)
Terra_Nova (S-1-5-21-1972467013-2157606943-3240702937-1000 - Administrator - Enabled) => C:\Users\Terra_Nova
xxx y (S-1-5-21-1972467013-2157606943-3240702937-1003 - Limited - Enabled) => C:\Users\xxx
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image (HKLM-x32\...\{E5F28743-0DB5-42C1-8B70-5986D88C0BE0}Visible) (Version: 19.0.6581 - Acronis)
Acronis True Image (x32 Version: 19.0.6581 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.27.34 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{b9b31169-be62-4b82-9e65-d47c99299ba1}) (Version: 1.2.88.24864 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.88.24864 - Avira Operations GmbH & Co. KG) Hidden
Biet-O-Matic v2.14.8 (HKLM-x32\...\Biet-O-Matic v2.14.8) (Version: 2.14.8 - BOM Development Team)
Bitcoin (HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\Bitcoin) (Version: 0.8.6 - Bitcoin project)
Bitcoin (HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Bitcoin) (Version: 0.8.6 - Bitcoin project)
Browser in the Box (HKLM-x32\...\BitBox) (Version: 4.3.2-r211 - Sirrix AG)
calibre 64bit (HKLM\...\{CDAEDA67-2C58-43F6-832A-D9C4D84347BA}) (Version: 2.53.0 - Kovid Goyal)
Canon iP7200 series Benutzerregistrierung (HKLM-x32\...\Canon iP7200 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.27.1025 - Foxit Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows (HKLM-x32\...\{E40CE517-0D42-4198-96B4-C8232B257EB5}) (Version: 1.13 - Western Digital Corporation)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ffdshow [rev 3154] [2009-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
GetRight 5.2d (HKLM-x32\...\GetRight_is1) (Version: - Headlight Software, Inc.)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
korAccount (HKLM-x32\...\{ABBF9252-A2F0-4770-8557-FFC357EA0F37}) (Version: 4.0.6.0 - Kornelius)
LibreOffice 5.0.5.2 (HKLM-x32\...\{43D862C3-739D-4FF6-91C0-25612368CC81}) (Version: 5.0.5.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 54.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 de)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NVIDIA 3D Vision Treiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Grafiktreiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{AEE39224-92BE-4389-9493-E57FF73BB96A}) (Version: 1.3.1 - OLYMPUS IMAGING CORP.)
Oracle VM VirtualBox 5.0.20_Sirrix (HKLM\...\{D5D3DA57-5784-4703-845B-7AC08D13C4DE}) (Version: 5.0.20 - Sirrix AG)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 9.0.3.168 - Recover Keys)
Spotify (HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Spotify (HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
StarMoney (x32 Version: 3.0.3.19 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney (x32 Version: 6.0.0.313 - StarFinanz) Hidden
StarMoney 10 (HKLM-x32\...\{4A1988CE-0DEA-412B-8624-31A260263254}) (Version: 10 - Star Finanz GmbH)
StarMoney 11 (HKLM-x32\...\{A0F298D4-9F6A-444D-A434-7C9F6DFF34FF}) (Version: 11 - Star Finanz GmbH)
StarMoney 9.0 (HKLM-x32\...\{E3F4EED3-A8DB-4751-9BAC-2C54B2EC12C0}) (Version: 9.0 - Star Finanz GmbH)
STRATO HiDrive (remove only) (HKLM-x32\...\STRATO HiDrive) (Version: - STRATO AG)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VoipConnect (HKLM-x32\...\VoipConnect_is1) (Version: 4.13 build 732 - Finarea S.A. Switzerland)
VoipGain (HKLM-x32\...\VoipGain_is1) (Version: 4.09 build 660 - Finarea S.A. Switzerland)
Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17349 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\2F30E6DAC57CFBE9B670FFE89D9E2009ACA4666C) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{9CD347AD-C3CB-40AA-B693-0D090B309F7C}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2017 (HKLM-x32\...\{6B95FF21-CEC5-41B6-A36F-D40B0CE3F561}) (Version: 24.00.1375 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{66D1331F-5388-486F-BF77-847F6CBD0043}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{1D311707-0AAB-43F6-A9B3-468555554C19}) (Version: 22.00.8811 - Buhl Data Service GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0101F20B-D273-42D7-BC11-0C2E82F4A4C7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {047A26EA-E65C-4BEC-90DE-CA3BBE92BBB4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0E9DA4C4-D39A-4D98-B803-942DBDB9359D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {169EABC2-63A7-46F4-B474-FC1BEF7CAF7A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {17B53C2E-5E20-4023-A946-F5122CE7B583} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {20A80F12-7846-4E07-9AC7-7E9825AFC1E4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {21BD8E56-FF1C-4D43-B03C-999866E98523} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {22AE36B0-CAC9-4163-8AC1-7A539B7760B8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {282DA29B-55E0-437B-824F-DC4D02686C48} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {2BD99794-C7B1-4DA7-9DA8-08DE8CC227DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {2DBBF6DA-005C-4915-A19A-A329D7297044} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34B53ED6-3023-4BF4-A0D9-EE26138231A9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {4232FBBB-6E8F-4D1D-8E6C-BA8C7214D8B9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {47B78AAA-9A95-4BAC-8AFA-16CE1DBE4870} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {50DBC6DA-88B7-41C1-8AF7-21E6145AE8DA} - System32\Tasks\{78A448D7-22A9-4CC7-B099-543040F26CC6} => pcalua.exe -a C:\Users\Terra_Nova\Downloads\WISOSteuersoftware2012.exe -d C:\Windows\system32
Task: {513D3F3D-8E2B-427B-A539-2EF0932E9490} - System32\Tasks\{FFAF333C-D13E-4797-9E90-81987D85DD73} => C:\Usersxxxe\Desktop\bitcoin-0.8.1-win32-setup.exe
Task: {5D1EED4B-B134-445C-8275-D0577B4435BB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {6FD0F5EA-67C0-4869-9CEC-BF7195B08B7C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7338E112-1213-4FE9-8407-9DD7D1CDEB86} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {798F5EF4-937E-4DE3-8A71-78989BA5D897} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8132E3D3-927A-4004-AD9F-F626F91335CA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {82323F0B-CDCF-4721-8B84-0140346D7F60} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {84BD501C-F7AB-4148-940A-BD2A14A6055F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {8A8E1E0A-E7BC-4CA1-B828-47C746E8CC90} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {A5DD998E-F23F-4A7D-87B5-8B77D4CB81CC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A6DC991D-BFFC-475E-9D7C-9853096CE5AE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A97824E0-1CEA-4F24-858F-8030A30D60DA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AACBC7B2-044C-4658-AC2B-7FB2EE867651} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {AD0A6245-467C-42BA-833F-597FF2C139FE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {AF866AD2-7F9B-47AE-82B3-D62A6947D4BA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B6D591D1-38E7-4439-8D1C-AC587FF1C8A5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C07510B7-8FD2-437C-A31A-62D5FD02C503} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {C2D1A508-31E4-441A-A131-448375E2748C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C47DB370-B977-413B-AF68-22B24271957A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6A19B7F-B746-4532-B74B-CF7B3A14914C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D0DE78F0-48B4-45D4-A868-6C24698D254D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-17] (Adobe Systems Incorporated)
Task: {DCCA43DD-29F7-401D-AE68-8012D4C0BADD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E3F62F4C-1F20-4C11-9083-3216E0A6A0E8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F766E8FF-8CC1-40BD-BAB4-3726D5020251} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 19:12 - 2017-06-03 12:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-31 18:33 - 2016-11-14 13:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-14 15:31 - 2016-10-14 15:31 - 01244408 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2016-11-20 14:14 - 2016-11-20 14:14 - 04463592 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2017-04-11 04:17 - 2017-04-11 04:17 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-08-06 15:48 - 2016-08-06 15:48 - 00959168 _____ () C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-09-15 17:14 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 21:20 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 21:21 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 21:21 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 21:21 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 19:12 - 2017-06-03 10:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 19:12 - 2017-06-03 10:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 19:12 - 2017-06-03 10:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-16 12:56 - 2016-04-16 12:56 - 09698296 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2017-06-21 10:11 - 2017-06-21 10:11 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 10:11 - 2017-06-21 10:11 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 10:11 - 2017-06-21 10:12 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 10:11 - 2017-06-21 10:11 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2010-12-23 12:06 - 2010-12-23 12:06 - 00028672 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\cx_Logging.pyd
2012-10-27 16:21 - 2012-10-27 16:21 - 00098816 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32api.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00110080 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pywintypes27.dll
2012-10-27 16:20 - 2012-10-27 16:20 - 00018432 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32event.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00119808 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32file.pyd
2012-10-27 16:21 - 2012-10-27 16:21 - 00167936 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32gui.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00024064 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32pipe.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00035840 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32process.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00017408 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32profile.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00108544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32security.pyd
2012-10-27 16:21 - 2012-10-27 16:21 - 00022528 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32ts.pyd
2012-10-27 16:22 - 2012-10-27 16:22 - 00364544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pythoncom27.dll
2012-10-27 16:23 - 2012-10-27 16:23 - 00320512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32com.shell.shell.pyd
2014-06-30 17:04 - 2014-06-30 17:04 - 00087552 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ctypes.pyd
2014-06-30 17:04 - 2014-06-30 17:04 - 00715264 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_hashlib.pyd
2014-06-30 17:03 - 2014-06-30 17:03 - 00046080 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_socket.pyd
2014-06-30 17:04 - 2014-06-30 17:04 - 01160704 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ssl.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00025600 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32cred.pyd
2014-04-14 16:06 - 2014-04-14 16:06 - 00055510 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pacparser._pacparser.pyd
2014-04-14 16:06 - 2014-04-14 16:06 - 00976827 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pacparser.dll
2012-10-27 16:20 - 2012-10-27 16:20 - 00011264 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32crypt.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00064512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32net.pyd
2015-08-11 15:36 - 2015-08-11 15:36 - 00024896 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll
2016-10-14 15:25 - 2016-10-14 15:25 - 00037808 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2016-10-14 15:48 - 2016-10-14 15:48 - 04355264 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2015-08-23 15:59 - 2015-08-23 15:59 - 00606672 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\sqlite3.dll
2016-10-14 15:47 - 2016-10-14 15:47 - 20605872 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2015-11-16 18:05 - 2015-11-16 18:05 - 00126928 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2016-04-16 12:45 - 2016-04-16 12:45 - 00248240 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2014-08-01 19:14 - 2011-01-13 12:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2016-12-13 19:27 - 2016-01-28 16:33 - 01058624 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\libxml2.dll
2016-12-13 19:27 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll
2017-03-18 14:12 - 2016-01-28 16:33 - 01060160 _____ () C:\Program Files (x86)\StarMoney 11\ouservice\libxml2.dll
2017-03-18 14:12 - 2017-01-23 18:49 - 00232800 _____ () C:\Program Files (x86)\StarMoney 11\ouservice\PATCHW32.dll
2016-10-14 15:25 - 2016-10-14 15:25 - 00445872 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-10-14 15:23 - 2016-10-14 15:23 - 00115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00282304 _____ () C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Control Panel\Desktop\\Wallpaper -> D:\Fotos\Gran Canaria 2017\IMG_20170401_115843.jpg
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> D:\Fotos\Gran Canaria 2017\IMG_20170401_115843.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
MSCONFIG\startupreg: OV2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" /OS
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
MSCONFIG\startupreg: VoipConnect => "C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe" -nosplash -minimized
MSCONFIG\startupreg: VoipGain => "C:\Program Files (x86)\VoipGain.com\VoipGain\VoipGain.exe" -nosplash -minimized
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\StartupApproved\Run: => "VoipConnect"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\StartupApproved\Run: => "VoipGain"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "VoipConnect"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "VoipGain"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\StartupApproved\Run: => "OV2_Monitor"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OV2_Monitor"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [UDP Query User{BA121EBC-2CC2-4DFD-BA99-27DF42237D85}C:\users\xxx\appdata\roaming\acer\acerextend\functmodules\{365c4421-38a3-4de4-9656-dc22f9dcdc34}\asmainapp.exe] => (Allow) C:\users\xxx\appdata\roaming\acer\acerextend\functmodules\{365c4421-38a3-4de4-9656-dc22f9dcdc34}\asmainapp.exe
FirewallRules: [TCP Query User{25D0296D-CA1B-41EF-9312-54B66AFA4D9D}C:\users\xxx\appdata\roaming\acer\acerextend\functmodules\{365c4421-38a3-4de4-9656-dc22f9dcdc34}\asmainapp.exe] => (Allow) C:\users\xxx\appdata\roaming\acer\acerextend\functmodules\{365c4421-38a3-4de4-9656-dc22f9dcdc34}\asmainapp.exe
FirewallRules: [{AE85B8AE-E55A-4A7F-AF43-85DF5F456AE7}] => (Allow) LPort=59888
FirewallRules: [{F73D786F-EDBC-4A46-9BCC-51F370BE80EA}] => (Allow) LPort=30122
FirewallRules: [{3D8BC636-00E8-4127-A915-C051D3A8E2E5}] => (Allow) LPort=30122
FirewallRules: [{6A122D5D-B18C-466A-BA83-5AC4E9C31E65}] => (Allow) C:\Usersxxxx \AppData\Roaming\Acer\AcerEXTEND\FunctModules\{3AE3E562-DDCD-4188-B625-892B932ACCF2}\AcerEXTENDSvc.exe
FirewallRules: [{6E337A54-501C-424D-BB4A-505E41331894}] => (Allow) C:\Users\xxx\AppData\Roaming\Acer\AcerEXTEND\FunctModules\{3AE3E562-DDCD-4188-B625-892B932ACCF2}\AcerEXTENDSvc.exe
FirewallRules: [{DDEC3FAE-DA4A-414D-8357-E2AB281FC4FD}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{39C35FF6-751E-4EFD-A197-AD39DDA37A29}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{07257636-F58A-4AA8-96CE-E45F913049CF}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{CB8D713D-A41A-408E-9CD2-7CEFE8AD357B}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [UDP Query User{86AF63D8-4865-4E05-BBF3-BDD0FDAA5058}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{013A7FF0-C04C-40DD-9CE0-BF20DAAF26C2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{1674D825-118E-4B3F-A29F-CBAED91FCED5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7E5CD600-1422-4B76-82B0-C9D43B566A84}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{DAFE0615-83AD-4D02-BAFB-5078531A5C7F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{C939E945-6B4B-42BE-BBF7-9DD47CE1D6DA}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{9210A1AE-CACC-4194-852F-D7F7DAD76151}] => (Allow) LPort=1900
FirewallRules: [{58973E43-2862-429C-9234-41DB28746CA1}] => (Allow) LPort=2869
FirewallRules: [{CC104FD6-5312-4646-8353-7AD3F5870087}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{03FFFB5A-13B1-48A7-8E44-67485F31C7A8}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{A4D33C8D-8BE5-4B3D-8F9A-6D8F82B07DF2}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{AF12370F-4437-4402-BC7A-F43C9B0659A3}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{CDE77FEC-5A75-40C8-9F7F-64D039554201}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [UDP Query User{FE745DBC-37C7-4175-BF07-E5A4333CAA59}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Block) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [TCP Query User{3C5A341A-E6B5-444B-AB10-A4C00CCDEAEC}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Block) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [UDP Query User{A0E3E357-CEBF-4DA1-9722-8861A5567015}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [TCP Query User{DC37608B-6901-43F6-8E68-5A77EBAD4D09}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [UDP Query User{48D14E43-ACC1-4DE7-9F67-256D84FAAB08}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{E719DE01-9897-4E98-8B56-7EAB4C5613AE}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{CB1AD701-5718-421C-840D-3F1FB3A19A08}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{DA879329-B380-4BA3-BEE8-291F994B9747}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{3C80E274-4745-4D2C-9676-B9B038524699}C:\program files (x86)\getright\getright.exe] => (Allow) C:\program files (x86)\getright\getright.exe
FirewallRules: [TCP Query User{939DF25B-AAC7-44A0-AB04-4FDD61DB5A8B}C:\program files (x86)\getright\getright.exe] => (Allow) C:\program files (x86)\getright\getright.exe
FirewallRules: [UDP Query User{D698667B-10C1-4C5C-B77D-5CCF7AAE74BE}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [TCP Query User{341D9099-A5FD-49D7-95E5-D5946CCC1844}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{76A431DE-F918-42A8-ABE1-EA69D4E38D64}C:\program files (x86)\voipgain.com\voipgain\voipgain.exe] => (Block) C:\program files (x86)\voipgain.com\voipgain\voipgain.exe
FirewallRules: [TCP Query User{2A238244-E57F-4AA5-9520-B8FDA94AD8B7}C:\program files (x86)\voipgain.com\voipgain\voipgain.exe] => (Block) C:\program files (x86)\voipgain.com\voipgain\voipgain.exe
FirewallRules: [{B1DF55C8-B394-416B-95F2-AFF2A3C71DDE}] => (Allow) C:\Program Files (x86)\VoipGain.com\VoipGain\VoipGain.exe
FirewallRules: [{AE7DDE4D-F8B9-449D-B99D-A3B950274FC4}] => (Allow) C:\Program Files (x86)\VoipGain.com\VoipGain\VoipGain.exe
FirewallRules: [{3F153B3B-9F3D-4A3E-B5D1-5E2ED8ED3C37}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{774776B9-CBC5-41AF-A616-4BDDC8C3F907}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6EB67E1D-D20C-4C15-A9F8-3985A08F38F4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{99A33E80-05B6-4936-B748-4CC26EB103DF}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{A24D208F-C83C-4CE9-93CF-3E2238CEA362}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{4FE385DE-2D62-4B00-A93A-845B40F6EE26}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{69839662-FD03-47B0-B149-45B380561264}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{5C1E60CB-8059-4A2E-812C-A49845BCD3A0}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{C154720C-AAB7-4984-A8EB-50E5E1701C84}C:\users\xxx\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\xxx\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D3909447-2B02-47E0-B7B3-3C5073ED895D}C:\users\xxx\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\xxx\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5476897D-8925-4C2D-BDB5-C0B7099E0AB2}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{64F6096D-996F-4566-8D00-12F231489A7C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{52DFC457-1144-4B1E-8CE4-78B7A60B63D0}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{905E525C-13FB-4649-85E8-6921517A77FE}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{1B380C31-FAD6-46ED-AC87-1B65579811D7}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{08F4E19D-25C2-4EDB-89C3-6D7A49D1E0EF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{79E60500-C7D3-4B9F-9F49-8906D8019B29}] => (Allow) C:\Program Files (x86)\StarMoney 11\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{94BE0D20-BD38-4175-B2E6-0DA192D92ECD}] => (Allow) C:\Program Files (x86)\StarMoney 11\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{64C87AEC-489E-455B-8C8C-21B432E9EF65}] => (Allow) C:\Program Files (x86)\StarMoney 11\app\StarMoney.exe
FirewallRules: [{DD26617C-983F-4333-970D-5C2B05334439}] => (Allow) C:\Program Files (x86)\StarMoney 11\app\StarMoney.exe
==================== Wiederherstellungspunkte =========================
19-06-2017 18:54:08 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: TAP-Win32 Adapter V9
Description: TAP-Win32 Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (06/24/2017 01:01:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FRST64.exe, Version: 21.6.2017.1, Zeitstempel: 0x594a8b8e
Name des fehlerhaften Moduls: FRST64.exe, Version: 21.6.2017.1, Zeitstempel: 0x594a8b8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000026765
ID des fehlerhaften Prozesses: 0x2028
Startzeit der fehlerhaften Anwendung: 0x01d2ecd925b9f851
Pfad der fehlerhaften Anwendung: C:\Users\Benutzername\Desktop\FRST64.exe
Pfad des fehlerhaften Moduls: C:\Users\Benutzername\Desktop\FRST64.exe
Berichtskennung: 3addf986-1780-4fcd-b65a-559027b1dc85
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (06/22/2017 07:16:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Terra_Nova-PC)
Description: Das Paket „Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (06/21/2017 06:46:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Terra_Nova-PC)
Description: Das Paket „Microsoft.Windows.ShellExperienceHost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy+App“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (06/20/2017 07:06:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Microsoft.Photos.exe, Version 1.0.1706.13001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 272c
Startzeit: 01d2e9bc8eebac82
Beendigungszeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Berichts-ID: da215022-55da-11e7-8dfd-8c89a51b1638
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe
Auf das fehlerhafte Paket bezogene Anwendungs-ID: App
Error: (06/20/2017 07:06:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Terra_Nova-PC)
Description: Das Paket „Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (06/19/2017 06:54:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (06/19/2017 06:54:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCorePnPFiles : Opening PnpLockdownFiles key failed.
System Error:
Zugriff verweigert
.
Error: (06/19/2017 06:33:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (06/19/2017 06:33:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCorePnPFiles : Opening PnpLockdownFiles key failed.
System Error:
Zugriff verweigert
.
Error: (06/18/2017 01:44:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Systemfehler:
=============
Error: (06/24/2017 10:06:28 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (06/24/2017 10:02:39 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (06/24/2017 09:36:02 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (06/24/2017 09:33:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Error: (06/24/2017 09:32:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Gruppenrichtlinienclient" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (06/24/2017 09:32:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst gpsvc erreicht.
Error: (06/24/2017 09:31:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst DoSvc erreicht.
Error: (06/24/2017 09:31:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Appinfo erreicht.
Error: (06/24/2017 07:08:35 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (06/24/2017 07:07:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetMsmqActivator" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 59%
Installierter physikalischer RAM: 4077.64 MB
Verfügbarer physikalischer RAM: 1652.57 MB
Summe virtueller Speicher: 8173.64 MB
Verfügbarer virtueller Speicher: 4741.23 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:536.02 GB) (Free:403.96 GB) NTFS
Drive d: (Volume) (Fixed) (Total:709.88 GB) (Free:485.89 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 210D2946)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=536 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=861.1 GB) - (Type=05)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== Ende von Addition.txt ============================
|
|
24.06.2017, 12:52
| #4 |
| | Windows 10: Malwarebyte findet Trojan.Agent.BHO TDSS: Code:
ATTFilter 13:17:54.0548 0x1d00 TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
13:17:59.0814 0x1d00 ============================================================
13:17:59.0814 0x1d00 Current date / time: 2017/06/24 13:17:59.0814
13:17:59.0814 0x1d00 SystemInfo:
13:17:59.0814 0x1d00
13:17:59.0814 0x1d00 OS Version: 10.0.14393 ServicePack: 0.0
13:17:59.0814 0x1d00 Product type: Workstation
13:17:59.0814 0x1d00 ComputerName: TERRA_NOVA-PC
13:17:59.0814 0x1d00 UserName: Terra_Nova
13:17:59.0814 0x1d00 Windows directory: C:\WINDOWS
13:17:59.0814 0x1d00 System windows directory: C:\WINDOWS
13:17:59.0814 0x1d00 Running under WOW64
13:17:59.0814 0x1d00 Processor architecture: Intel x64
13:17:59.0814 0x1d00 Number of processors: 4
13:17:59.0814 0x1d00 Page size: 0x1000
13:17:59.0814 0x1d00 Boot type: Normal boot
13:17:59.0814 0x1d00 CodeIntegrityOptions = 0x00000001
13:17:59.0814 0x1d00 ============================================================
13:18:00.0923 0x1d00 KLMD registered as C:\WINDOWS\system32\drivers\56741947.sys
13:18:00.0923 0x1d00 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.1358, osProperties = 0x19
13:18:01.0079 0x1d00 System UUID: {3E0948D3-04A5-4CDB-CEE9-E350D8BAFA70}
13:18:01.0517 0x1d00 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:18:01.0517 0x1d00 ============================================================
13:18:01.0517 0x1d00 \Device\Harddisk0\DR0:
13:18:01.0517 0x1d00 MBR partitions:
13:18:01.0517 0x1d00 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:18:01.0517 0x1d00 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3282C, BlocksNum 0x4300AEB6
13:18:01.0533 0x1d00 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4303D728, BlocksNum 0x58BC2D77
13:18:01.0533 0x1d00 ============================================================
13:18:01.0579 0x1d00 C: <-> \Device\Harddisk0\DR0\Partition2
13:18:01.0611 0x1d00 D: <-> \Device\Harddisk0\DR0\Partition3
13:18:01.0611 0x1d00 ============================================================
13:18:01.0611 0x1d00 Initialize success
13:18:01.0611 0x1d00 ============================================================
13:18:04.0126 0x28e8 ============================================================
13:18:04.0126 0x28e8 Scan started
13:18:04.0126 0x28e8 Mode: Manual;
13:18:04.0126 0x28e8 ============================================================
13:18:04.0126 0x28e8 KSN ping started
13:18:04.0189 0x28e8 KSN ping finished: true
13:18:07.0580 0x28e8 ================ Scan system memory ========================
13:18:07.0580 0x28e8 System memory - ok
13:18:07.0580 0x28e8 ================ Scan services =============================
13:18:07.0720 0x28e8 1394ohci - ok
13:18:07.0720 0x28e8 3ware - ok
13:18:07.0736 0x28e8 ACPI - ok
13:18:07.0752 0x28e8 AcpiDev - ok
13:18:07.0752 0x28e8 acpiex - ok
13:18:07.0752 0x28e8 acpipagr - ok
13:18:07.0767 0x28e8 AcpiPmi - ok
13:18:07.0767 0x28e8 acpitime - ok
13:18:07.0892 0x28e8 [ 2D2DF41D56BE1E51DBCA37B72E19714F, 6F32F4701D2B894C20C926A0B324D9F118CDF5C16F10608ACF9181FD27523B87 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
13:18:07.0908 0x28e8 AcrSch2Svc - ok
13:18:07.0970 0x28e8 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:18:07.0970 0x28e8 AdobeARMservice - ok
13:18:08.0064 0x28e8 [ E6A1D864EC90F4397DF5AB2633B34DD4, 05F1B7291EBDD9CA1D74649C0DAFCBE5F2CF93E92C5CA16A8AC10B6DF83101A0 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:18:08.0080 0x28e8 AdobeFlashPlayerUpdateSvc - ok
13:18:08.0080 0x28e8 ADP80XX - ok
13:18:08.0220 0x28e8 [ D58AFA917D97BFF073E58763B13E4A65, 5D735F27CC1C17CED976E0996033AF72E3C70BADAE8BFE6506AAF5BD747E6DA2 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
13:18:08.0299 0x28e8 afcdpsrv - ok
13:18:08.0314 0x28e8 AFD - ok
13:18:08.0314 0x28e8 ahcache - ok
13:18:08.0345 0x28e8 AJRouter - ok
13:18:08.0345 0x28e8 ALG - ok
13:18:08.0361 0x28e8 AmdK8 - ok
13:18:08.0377 0x28e8 [ BE258C17CFD09F4210602105432E784A, FD38B50785206D6E5EADE65396030E18C8B9D993D7225057B0C24F3256BCE2E3 ] amdkmafd C:\WINDOWS\system32\drivers\amdkmafd.sys
13:18:08.0377 0x28e8 amdkmafd - ok
13:18:08.0377 0x28e8 AmdPPM - ok
13:18:08.0377 0x28e8 amdsata - ok
13:18:08.0392 0x28e8 amdsbs - ok
13:18:08.0392 0x28e8 amdxata - ok
13:18:08.0486 0x28e8 [ 2C5A37BC42D91CD54FEAFCC51D3E4924, FDF678E91D1FAF789A2E0C8315D65D4BAF7997705D66D0450EFF81631BD79F59 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
13:18:08.0502 0x28e8 AntiVirMailService - ok
13:18:08.0549 0x28e8 [ 1CE285653AD840CBC168957C5ACA6DDE, DBF70B3AFBF5287332B27534E94F2917E3960B74ADBEED938AFD16B87065A2A9 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:18:08.0564 0x28e8 AntiVirSchedulerService - ok
13:18:08.0595 0x28e8 [ 1CE285653AD840CBC168957C5ACA6DDE, DBF70B3AFBF5287332B27534E94F2917E3960B74ADBEED938AFD16B87065A2A9 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:18:08.0595 0x28e8 AntiVirService - ok
13:18:08.0674 0x28e8 [ B1DEA30E906DC1A90AA9D89FBF3FE490, B37AA43BA8B3C91A657C94D9621C40818BAAFF6C2445D66C4C225E9DB657C2A3 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
13:18:08.0705 0x28e8 AntiVirWebService - ok
13:18:08.0720 0x28e8 AppHostSvc - ok
13:18:08.0736 0x28e8 AppID - ok
13:18:08.0752 0x28e8 AppIDSvc - ok
13:18:08.0767 0x28e8 Appinfo - ok
13:18:08.0767 0x28e8 applockerfltr - ok
13:18:08.0799 0x28e8 AppReadiness - ok
13:18:08.0814 0x28e8 AppXSvc - ok
13:18:08.0830 0x28e8 arcsas - ok
13:18:08.0877 0x28e8 aspnet_state - ok
13:18:08.0877 0x28e8 AsyncMac - ok
13:18:08.0892 0x28e8 atapi - ok
13:18:08.0908 0x28e8 AudioEndpointBuilder - ok
13:18:08.0908 0x28e8 Audiosrv - ok
13:18:08.0924 0x28e8 [ 4621EA3385170B087A03F3C90E276B4A, 1513802CF844B1B7A70C820AEF732EDA432D44CD8726560D95F05EB5CA556CD7 ] avdevprot C:\WINDOWS\system32\DRIVERS\avdevprot.sys
13:18:08.0924 0x28e8 avdevprot - ok
13:18:08.0955 0x28e8 [ 0C6D49FFD4B70F95E24EF5311ED57A28, AB58DC263E3B5DE2E5E76DCBE8061D9B6736B411C2D572E56AD68BB326818FAF ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:18:08.0955 0x28e8 avgntflt - ok
13:18:08.0986 0x28e8 [ DAA6BD143D3AC4274791018FFAD5543A, 2D85818C52FF768579528A81DEB8D106421D986B28837B301F53B600E382E6CF ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:18:08.0986 0x28e8 avipbb - ok
13:18:09.0033 0x28e8 [ D9D137C05116142FABA0580C031C6AD3, D7F8633DF8715562457A787043F149B6E376B163651CD2364791F8DE32009494 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
13:18:09.0049 0x28e8 Avira.ServiceHost - ok
13:18:09.0064 0x28e8 [ 2CBA09A7983B1D39531B768BCED08C20, B40968DFE1A648CCB9260033E1EA57B5D496274A335B000354156B0DB740EDE0 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
13:18:09.0064 0x28e8 avkmgr - ok
13:18:09.0080 0x28e8 [ 8D18C6406FF8DC39028177E1E5675182, 44985DEE74F235567FB849350256F342BCE26EF66439D761FA3F6EDA22882092 ] avnetflt C:\WINDOWS\system32\DRIVERS\avnetflt.sys
13:18:09.0080 0x28e8 avnetflt - ok
13:18:09.0095 0x28e8 AxInstSV - ok
13:18:09.0111 0x28e8 b06bdrv - ok
13:18:09.0127 0x28e8 BasicDisplay - ok
13:18:09.0158 0x28e8 BasicRender - ok
13:18:09.0158 0x28e8 bcmfn - ok
13:18:09.0158 0x28e8 bcmfn2 - ok
13:18:09.0174 0x28e8 BDESVC - ok
13:18:09.0189 0x28e8 Beep - ok
13:18:09.0205 0x28e8 BFE - ok
13:18:09.0283 0x28e8 [ DEEDB9C7504B423FFA3AEFF986A687B0, 96E7F43D0A18AEF6C7FEACCE0D26AD49B47C0DF90B9D9503F567D782777977BD ] BitBoxService C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
13:18:09.0283 0x28e8 BitBoxService - ok
13:18:09.0299 0x28e8 BITS - ok
13:18:09.0314 0x28e8 bowser - ok
13:18:09.0314 0x28e8 BrokerInfrastructure - ok
13:18:09.0314 0x28e8 Browser - ok
13:18:09.0314 0x28e8 BthAvrcpTg - ok
13:18:09.0314 0x28e8 BthHFEnum - ok
13:18:09.0330 0x28e8 bthhfhid - ok
13:18:09.0345 0x28e8 BthHFSrv - ok
13:18:09.0345 0x28e8 BTHMODEM - ok
13:18:09.0345 0x28e8 bthserv - ok
13:18:09.0361 0x28e8 buttonconverter - ok
13:18:09.0377 0x28e8 CapImg - ok
13:18:09.0377 0x28e8 cdfs - ok
13:18:09.0392 0x28e8 CDPSvc - ok
13:18:09.0392 0x28e8 CDPUserSvc - ok
13:18:09.0424 0x28e8 cdrom - ok
13:18:09.0439 0x28e8 CertPropSvc - ok
13:18:09.0439 0x28e8 cht4iscsi - ok
13:18:09.0439 0x28e8 cht4vbd - ok
13:18:09.0455 0x28e8 circlass - ok
13:18:09.0470 0x28e8 CLFS - ok
13:18:09.0470 0x28e8 ClipSVC - ok
13:18:09.0486 0x28e8 clreg - ok
13:18:09.0502 0x28e8 CmBatt - ok
13:18:09.0517 0x28e8 CNG - ok
13:18:09.0517 0x28e8 cnghwassist - ok
13:18:09.0596 0x28e8 CompositeBus - ok
13:18:09.0596 0x28e8 COMSysApp - ok
13:18:09.0596 0x28e8 condrv - ok
13:18:09.0611 0x28e8 CoreMessagingRegistrar - ok
13:18:09.0611 0x28e8 CryptSvc - ok
13:18:09.0627 0x28e8 dam - ok
13:18:09.0627 0x28e8 DcomLaunch - ok
13:18:09.0642 0x28e8 DcpSvc - ok
13:18:09.0658 0x28e8 defragsvc - ok
13:18:09.0674 0x28e8 DeviceAssociationService - ok
13:18:09.0689 0x28e8 DeviceInstall - ok
13:18:09.0705 0x28e8 DevQueryBroker - ok
13:18:09.0705 0x28e8 Dfsc - ok
13:18:09.0736 0x28e8 Dhcp - ok
13:18:09.0767 0x28e8 diagnosticshub.standardcollector.service - ok
13:18:09.0799 0x28e8 DiagTrack - ok
13:18:09.0799 0x28e8 disk - ok
13:18:09.0799 0x28e8 DmEnrollmentSvc - ok
13:18:09.0814 0x28e8 dmvsc - ok
13:18:09.0814 0x28e8 dmwappushservice - ok
13:18:09.0830 0x28e8 Dnscache - ok
13:18:09.0846 0x28e8 dot3svc - ok
13:18:09.0846 0x28e8 DPS - ok
13:18:09.0861 0x28e8 drmkaud - ok
13:18:09.0861 0x28e8 DsmSvc - ok
13:18:09.0877 0x28e8 DsSvc - ok
13:18:09.0892 0x28e8 DXGKrnl - ok
13:18:09.0892 0x28e8 EapHost - ok
13:18:09.0892 0x28e8 ebdrv - ok
13:18:09.0939 0x28e8 EFS - ok
13:18:09.0939 0x28e8 EhStorClass - ok
13:18:09.0955 0x28e8 EhStorTcgDrv - ok
13:18:09.0971 0x28e8 embeddedmode - ok
13:18:10.0002 0x28e8 EntAppSvc - ok
13:18:10.0002 0x28e8 ErrDev - ok
13:18:10.0002 0x28e8 EventSystem - ok
13:18:10.0017 0x28e8 [ 0BF32186C3EC11315C33CC29EA8DD86C, 82B43762A5BC9C0AB7B5D1F96DC47B34700924B598070A7CCB30C92EB5EE1599 ] ew_usbccgpfilter C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys
13:18:10.0017 0x28e8 ew_usbccgpfilter - ok
13:18:10.0033 0x28e8 exfat - ok
13:18:10.0033 0x28e8 fastfat - ok
13:18:10.0033 0x28e8 fdc - ok
13:18:10.0049 0x28e8 fdPHost - ok
13:18:10.0049 0x28e8 FDResPub - ok
13:18:10.0064 0x28e8 fhsvc - ok
13:18:10.0080 0x28e8 FileCrypt - ok
13:18:10.0080 0x28e8 FileInfo - ok
13:18:10.0080 0x28e8 Filetrace - ok
13:18:10.0111 0x28e8 [ 71480800762CE096CED42DD853574861, B2A178E68B20C713B494E2419F295DA502156961B72C3E4B1AE787A3AD8F7F1D ] file_tracker C:\WINDOWS\system32\DRIVERS\file_tracker.sys
13:18:10.0111 0x28e8 file_tracker - ok
13:18:10.0127 0x28e8 flpydisk - ok
13:18:10.0127 0x28e8 FltMgr - ok
13:18:10.0142 0x28e8 [ 4AD91299304A5E75084434F246DE0F9A, 3617EFEBCCB23F15FC9423544D061AF183E8E87B7E1EA9AA13EAAC5A9F0DE439 ] fltsrv C:\WINDOWS\system32\DRIVERS\fltsrv.sys
13:18:10.0158 0x28e8 fltsrv - ok
13:18:10.0174 0x28e8 FontCache - ok
13:18:10.0221 0x28e8 FontCache3.0.0.0 - ok
13:18:10.0236 0x28e8 FrameServer - ok
13:18:10.0236 0x28e8 FsDepends - ok
13:18:10.0236 0x28e8 Fs_Rec - ok
13:18:10.0252 0x28e8 fvevol - ok
13:18:10.0267 0x28e8 gencounter - ok
13:18:10.0267 0x28e8 genericusbfn - ok
13:18:10.0267 0x28e8 GPIOClx0101 - ok
13:18:10.0299 0x28e8 gpsvc - ok
13:18:10.0299 0x28e8 GpuEnergyDrv - ok
13:18:10.0361 0x28e8 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:18:10.0361 0x28e8 gusvc - ok
13:18:10.0377 0x28e8 HdAudAddService - ok
13:18:10.0377 0x28e8 HDAudBus - ok
13:18:10.0377 0x28e8 HidBatt - ok
13:18:10.0392 0x28e8 HidBth - ok
13:18:10.0408 0x28e8 hidi2c - ok
13:18:10.0408 0x28e8 hidinterrupt - ok
13:18:10.0408 0x28e8 HidIr - ok
13:18:10.0408 0x28e8 hidserv - ok
13:18:10.0455 0x28e8 HidUsb - ok
13:18:10.0455 0x28e8 HomeGroupListener - ok
13:18:10.0486 0x28e8 HomeGroupProvider - ok
13:18:10.0486 0x28e8 HpSAMD - ok
13:18:10.0502 0x28e8 HTTP - ok
13:18:10.0533 0x28e8 [ E548929868BDFD3FC13B46D99605B764, 737C8A1210442533735F10BD80AFBB3E890D0CC9068F2406CA5C577C7C58B97C ] HuaweiHiSuiteService64.exe C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
13:18:10.0533 0x28e8 HuaweiHiSuiteService64.exe - ok
13:18:10.0549 0x28e8 HvHost - ok
13:18:10.0564 0x28e8 hvservice - ok
13:18:10.0564 0x28e8 hwpolicy - ok
13:18:10.0564 0x28e8 hyperkbd - ok
13:18:10.0580 0x28e8 i8042prt - ok
13:18:10.0580 0x28e8 iagpio - ok
13:18:10.0596 0x28e8 iai2c - ok
13:18:10.0596 0x28e8 iaLPSS2i_GPIO2 - ok
13:18:10.0596 0x28e8 iaLPSS2i_I2C - ok
13:18:10.0596 0x28e8 iaLPSSi_GPIO - ok
13:18:10.0611 0x28e8 iaLPSSi_I2C - ok
13:18:10.0611 0x28e8 iaStorAV - ok
13:18:10.0611 0x28e8 iaStorV - ok
13:18:10.0611 0x28e8 ibbus - ok
13:18:10.0642 0x28e8 icssvc - ok
13:18:10.0658 0x28e8 IKEEXT - ok
13:18:10.0658 0x28e8 IndirectKmd - ok
13:18:10.0814 0x28e8 [ ACACD1B925D448558C1C9D0258749451, 896ECC9CD5EBE658B3A4211700029C8855DD7F38312F15716A6AC1FD0302CF6E ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
13:18:10.0877 0x28e8 IntcAzAudAddService - ok
13:18:10.0892 0x28e8 intelide - ok
13:18:10.0892 0x28e8 intelpep - ok
13:18:10.0892 0x28e8 intelppm - ok
13:18:10.0908 0x28e8 iorate - ok
13:18:10.0924 0x28e8 IpFilterDriver - ok
13:18:10.0955 0x28e8 iphlpsvc - ok
13:18:11.0033 0x28e8 IPMIDRV - ok
13:18:11.0033 0x28e8 IPNAT - ok
13:18:11.0049 0x28e8 irda - ok
13:18:11.0049 0x28e8 IRENUM - ok
13:18:11.0049 0x28e8 irmon - ok
13:18:11.0049 0x28e8 isapnp - ok
13:18:11.0096 0x28e8 iScsiPrt - ok
13:18:11.0111 0x28e8 kbdclass - ok
13:18:11.0127 0x28e8 kbdhid - ok
13:18:11.0127 0x28e8 kdnic - ok
13:18:11.0142 0x28e8 KeyIso - ok
13:18:11.0142 0x28e8 KSecDD - ok
13:18:11.0142 0x28e8 KSecPkg - ok
13:18:11.0158 0x28e8 ksthunk - ok
13:18:11.0174 0x28e8 KtmRm - ok
13:18:11.0174 0x28e8 LanmanServer - ok
13:18:11.0205 0x28e8 LanmanWorkstation - ok
13:18:11.0205 0x28e8 lfsvc - ok
13:18:11.0205 0x28e8 LicenseManager - ok
13:18:11.0205 0x28e8 lltdio - ok
13:18:11.0221 0x28e8 lltdsvc - ok
13:18:11.0252 0x28e8 lmhosts - ok
13:18:11.0283 0x28e8 [ 1584DEEAE5AA0E3FB045F3D0EAC585EA, 27DE800E2A609827D9D972F7B9D196870E5875F9A09FB0CC3EBBC593294D7BDD ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:18:11.0283 0x28e8 LMS - ok
13:18:11.0299 0x28e8 LSI_SAS - ok
13:18:11.0299 0x28e8 LSI_SAS2i - ok
13:18:11.0299 0x28e8 LSI_SAS3i - ok
13:18:11.0299 0x28e8 LSI_SSS - ok
13:18:11.0330 0x28e8 LSM - ok
13:18:11.0330 0x28e8 luafv - ok
13:18:11.0346 0x28e8 MapsBroker - ok
13:18:11.0346 0x28e8 megasas - ok
13:18:11.0361 0x28e8 megasas2i - ok
13:18:11.0361 0x28e8 megasr - ok
13:18:11.0377 0x28e8 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys
13:18:11.0377 0x28e8 MEIx64 - ok
13:18:11.0377 0x28e8 MessagingService - ok
13:18:11.0408 0x28e8 mlx4_bus - ok
13:18:11.0408 0x28e8 MMCSS - ok
13:18:11.0596 0x28e8 [ D9652739D1007B9B5CE34CEF38E095C5, 20AFFEA3B2E7F254A58CDD9F4F9D51D94710C20E98A650BE33FD446A474D7D12 ] mmsminisrv C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
13:18:11.0674 0x28e8 mmsminisrv - ok
13:18:11.0674 0x28e8 Modem - ok
13:18:11.0690 0x28e8 monitor - ok
13:18:11.0690 0x28e8 mouclass - ok
13:18:11.0690 0x28e8 mouhid - ok
13:18:11.0690 0x28e8 mountmgr - ok
13:18:11.0752 0x28e8 [ 210E9F5AA212E9E669A1B4131ED01AFA, FB2FF1C32497697F4ABE9F6A4754F5C4B1324318546E7274C0F05022C637AE33 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:18:11.0752 0x28e8 MozillaMaintenance - ok
13:18:11.0752 0x28e8 mpsdrv - ok
13:18:11.0768 0x28e8 MpsSvc - ok
13:18:11.0768 0x28e8 MQAC - ok
13:18:11.0768 0x28e8 MRxDAV - ok
13:18:11.0783 0x28e8 mrxsmb - ok
13:18:11.0799 0x28e8 mrxsmb10 - ok
13:18:11.0799 0x28e8 mrxsmb20 - ok
13:18:11.0815 0x28e8 MsBridge - ok
13:18:11.0830 0x28e8 MSDTC - ok
13:18:11.0830 0x28e8 Msfs - ok
13:18:11.0830 0x28e8 msgpiowin32 - ok
13:18:11.0830 0x28e8 mshidkmdf - ok
13:18:11.0846 0x28e8 mshidumdf - ok
13:18:11.0846 0x28e8 msisadrv - ok
13:18:11.0861 0x28e8 MSiSCSI - ok
13:18:11.0861 0x28e8 msiserver - ok
13:18:11.0861 0x28e8 MSKSSRV - ok
13:18:11.0877 0x28e8 MsLldp - ok
13:18:11.0893 0x28e8 MSMQ - ok
13:18:11.0893 0x28e8 MSPCLOCK - ok
13:18:11.0893 0x28e8 MSPQM - ok
13:18:11.0893 0x28e8 MsRPC - ok
13:18:11.0908 0x28e8 mssmbios - ok
13:18:11.0908 0x28e8 MSTEE - ok
13:18:11.0908 0x28e8 MTConfig - ok
13:18:11.0908 0x28e8 Mup - ok
13:18:11.0924 0x28e8 mvumis - ok
13:18:11.0924 0x28e8 NativeWifiP - ok
13:18:11.0924 0x28e8 NcaSvc - ok
13:18:11.0940 0x28e8 NcbService - ok
13:18:11.0940 0x28e8 NcdAutoSetup - ok
13:18:11.0940 0x28e8 ndfltr - ok
13:18:11.0955 0x28e8 NDIS - ok
13:18:11.0955 0x28e8 NdisCap - ok
13:18:11.0971 0x28e8 NdisImPlatform - ok
13:18:11.0971 0x28e8 NdisTapi - ok
13:18:11.0971 0x28e8 Ndisuio - ok
13:18:11.0986 0x28e8 NdisVirtualBus - ok
13:18:11.0986 0x28e8 NdisWan - ok
13:18:11.0986 0x28e8 ndiswanlegacy - ok
13:18:11.0986 0x28e8 ndproxy - ok
13:18:12.0002 0x28e8 Ndu - ok
13:18:12.0002 0x28e8 NetAdapterCx - ok
13:18:12.0002 0x28e8 NetBIOS - ok
13:18:12.0002 0x28e8 NetBT - ok
13:18:12.0002 0x28e8 Netlogon - ok
13:18:12.0018 0x28e8 Netman - ok
13:18:12.0065 0x28e8 NetMsmqActivator - ok
13:18:12.0065 0x28e8 NetPipeActivator - ok
13:18:12.0065 0x28e8 netprofm - ok
13:18:12.0080 0x28e8 NetSetupSvc - ok
13:18:12.0096 0x28e8 NetTcpActivator - ok
13:18:12.0096 0x28e8 NetTcpPortSharing - ok
13:18:12.0096 0x28e8 NgcCtnrSvc - ok
13:18:12.0111 0x28e8 NgcSvc - ok
13:18:12.0111 0x28e8 NlaSvc - ok
13:18:12.0111 0x28e8 Npfs - ok
13:18:12.0111 0x28e8 npsvctrig - ok
13:18:12.0127 0x28e8 nsi - ok
13:18:12.0127 0x28e8 nsiproxy - ok
13:18:12.0143 0x28e8 NTFS - ok
13:18:12.0143 0x28e8 Null - ok
13:18:12.0174 0x28e8 [ 9FA7207F728651F98A6B3C6D3AA79AD2, 040E3E30B6CA1C7FCEAB3760DE2332EF0F73086B832F970B58BE5FFC4238C497 ] NVHDA C:\WINDOWS\system32\drivers\nvhda64v.sys
13:18:12.0174 0x28e8 NVHDA - ok
13:18:12.0533 0x28e8 [ 6764192883EA0CD324CC4305046D3B6B, 00DEB8AB69E9679EE60A628AD228C092AB1ED45D57A40A9301C2007B0A07D893 ] nvlddmkm C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
13:18:12.0721 0x28e8 nvlddmkm - ok
13:18:12.0752 0x28e8 nvraid - ok
13:18:12.0752 0x28e8 nvstor - ok
13:18:12.0799 0x28e8 [ FFADB2E34CE378F059F57161AD555DBF, 442C79D96012ABD76CB8A4FE1490AEB7D8CC9068170AB85DB7F8115FA807ADB0 ] nvsvc C:\WINDOWS\system32\nvvsvc.exe
13:18:12.0815 0x28e8 nvsvc - ok
13:18:12.0846 0x28e8 OneSyncSvc - ok
13:18:12.0861 0x28e8 p2pimsvc - ok
13:18:12.0877 0x28e8 p2psvc - ok
13:18:12.0877 0x28e8 Parport - ok
13:18:12.0877 0x28e8 partmgr - ok
13:18:12.0893 0x28e8 PcaSvc - ok
13:18:12.0908 0x28e8 pci - ok
13:18:12.0924 0x28e8 pciide - ok
13:18:12.0924 0x28e8 pcmcia - ok
13:18:12.0924 0x28e8 pcw - ok
13:18:12.0924 0x28e8 pdc - ok
13:18:12.0924 0x28e8 PEAUTH - ok
13:18:12.0940 0x28e8 percsas2i - ok
13:18:12.0940 0x28e8 percsas3i - ok
13:18:13.0002 0x28e8 PerfHost - ok
13:18:13.0033 0x28e8 PhoneSvc - ok
13:18:13.0049 0x28e8 PimIndexMaintenanceSvc - ok
13:18:13.0065 0x28e8 pla - ok
13:18:13.0096 0x28e8 PlugPlay - ok
13:18:13.0096 0x28e8 PNRPAutoReg - ok
13:18:13.0096 0x28e8 PNRPsvc - ok
13:18:13.0096 0x28e8 PolicyAgent - ok
13:18:13.0111 0x28e8 Power - ok
13:18:13.0111 0x28e8 PptpMiniport - ok
13:18:13.0252 0x28e8 [ 30AA256A85C1A7B17A590B1C5244D28E, 2C1FB30DEF53C37CA0D0CA54B65CB8572C53DDFB430DE57F964253F1082ACEA0 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
13:18:13.0299 0x28e8 PrintNotify - ok
13:18:13.0299 0x28e8 Processor - ok
13:18:13.0315 0x28e8 ProfSvc - ok
13:18:13.0315 0x28e8 Psched - ok
13:18:13.0330 0x28e8 QWAVE - ok
13:18:13.0346 0x28e8 QWAVEdrv - ok
13:18:13.0346 0x28e8 RasAcd - ok
13:18:13.0361 0x28e8 RasAgileVpn - ok
13:18:13.0377 0x28e8 RasAuto - ok
13:18:13.0377 0x28e8 Rasl2tp - ok
13:18:13.0377 0x28e8 RasMan - ok
13:18:13.0377 0x28e8 RasPppoe - ok
13:18:13.0393 0x28e8 RasSstp - ok
13:18:13.0393 0x28e8 rdbss - ok
13:18:13.0408 0x28e8 rdpbus - ok
13:18:13.0408 0x28e8 RDPDR - ok
13:18:13.0440 0x28e8 RdpVideoMiniport - ok
13:18:13.0455 0x28e8 rdyboost - ok
13:18:13.0455 0x28e8 ReFSv1 - ok
13:18:13.0471 0x28e8 RemoteAccess - ok
13:18:13.0471 0x28e8 RemoteRegistry - ok
13:18:13.0486 0x28e8 RetailDemo - ok
13:18:13.0486 0x28e8 RmSvc - ok
13:18:13.0502 0x28e8 RpcEptMapper - ok
13:18:13.0502 0x28e8 RpcLocator - ok
13:18:13.0518 0x28e8 RpcSs - ok
13:18:13.0518 0x28e8 rspndr - ok
13:18:13.0533 0x28e8 rt640x64 - ok
13:18:13.0549 0x28e8 RTL8192su - ok
13:18:13.0549 0x28e8 s3cap - ok
13:18:13.0580 0x28e8 SamSs - ok
13:18:13.0580 0x28e8 sbp2port - ok
13:18:13.0596 0x28e8 SCardSvr - ok
13:18:13.0611 0x28e8 ScDeviceEnum - ok
13:18:13.0627 0x28e8 scfilter - ok
13:18:13.0627 0x28e8 Schedule - ok
13:18:13.0643 0x28e8 scmbus - ok
13:18:13.0643 0x28e8 scmdisk0101 - ok
13:18:13.0643 0x28e8 SCPolicySvc - ok
13:18:13.0658 0x28e8 sdbus - ok
13:18:13.0674 0x28e8 SDRSVC - ok
13:18:13.0690 0x28e8 sdstor - ok
13:18:13.0690 0x28e8 seclogon - ok
13:18:13.0690 0x28e8 SENS - ok
13:18:13.0690 0x28e8 SensorDataService - ok
13:18:13.0705 0x28e8 SensorService - ok
13:18:13.0705 0x28e8 SensrSvc - ok
13:18:13.0705 0x28e8 SerCx - ok
13:18:13.0721 0x28e8 SerCx2 - ok
13:18:13.0721 0x28e8 Serenum - ok
13:18:13.0721 0x28e8 Serial - ok
13:18:13.0721 0x28e8 sermouse - ok
13:18:13.0736 0x28e8 SessionEnv - ok
13:18:13.0736 0x28e8 sfloppy - ok
13:18:13.0752 0x28e8 SharedAccess - ok
13:18:13.0768 0x28e8 ShellHWDetection - ok
13:18:13.0799 0x28e8 shpamsvc - ok
13:18:13.0799 0x28e8 SiSRaid2 - ok
13:18:13.0815 0x28e8 SiSRaid4 - ok
13:18:13.0830 0x28e8 smphost - ok
13:18:13.0862 0x28e8 SmsRouter - ok
13:18:13.0893 0x28e8 [ 67E7E7DB39769F2D8C4DC7BD4EBA02E6, 0FA9E2D4B100AA5BD258B152D1CA7CD7682DF2796584892710F822FEF1AF1A85 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
13:18:13.0893 0x28e8 snapman - ok
13:18:13.0908 0x28e8 SNMPTRAP - ok
13:18:13.0924 0x28e8 spaceport - ok
13:18:13.0924 0x28e8 SpbCx - ok
13:18:13.0940 0x28e8 Spooler - ok
13:18:13.0955 0x28e8 sppsvc - ok
13:18:13.0955 0x28e8 srv - ok
13:18:13.0955 0x28e8 srv2 - ok
13:18:13.0971 0x28e8 srvnet - ok
13:18:13.0986 0x28e8 SSDPSRV - ok
13:18:14.0002 0x28e8 SstpSvc - ok
13:18:14.0096 0x28e8 [ A72B7C730B1EF1E7764044737E802FAD, D102122D2B938A48F8A6761F1F75D37476D628C1E5D644DFB30262CE50E2D250 ] StarMoney 10 OnlineUpdate C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
13:18:14.0111 0x28e8 StarMoney 10 OnlineUpdate - ok
13:18:14.0190 0x28e8 [ 404B70B39397BF0DBBDAC96655A16347, EE6FD159FC7985A69F9A53E80AB26083979B6351167F74EE544AC359E6628A28 ] StarMoney 11 OnlineUpdate C:\Program Files (x86)\StarMoney 11\ouservice\StarMoneyOnlineUpdate.exe
13:18:14.0205 0x28e8 StarMoney 11 OnlineUpdate - ok
13:18:14.0283 0x28e8 [ 3BF022F8064A83A23DF90971DD78CA83, 85754DF1C6DE745ADF9A0BAB1948AFF2CA16C4569128DA90AF610D199E621BF4 ] StarMoney 9.0 OnlineUpdate C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
13:18:14.0283 0x28e8 StarMoney 9.0 OnlineUpdate - ok
13:18:14.0315 0x28e8 StateRepository - ok
13:18:14.0362 0x28e8 [ 843F16D234D03756B9EB6054B5C62FAA, 529E1F8C6EB4AA881C9FDE9DA6CAFA34F5770E87059E867B8F88B40FE879743D ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:18:14.0362 0x28e8 Stereo Service - ok
13:18:14.0362 0x28e8 stexstor - ok
13:18:14.0408 0x28e8 stisvc - ok
13:18:14.0424 0x28e8 storahci - ok
13:18:14.0424 0x28e8 storflt - ok
13:18:14.0424 0x28e8 stornvme - ok
13:18:14.0424 0x28e8 storqosflt - ok
13:18:14.0455 0x28e8 StorSvc - ok
13:18:14.0455 0x28e8 storufs - ok
13:18:14.0455 0x28e8 storvsc - ok
13:18:14.0502 0x28e8 [ DD7F11E64E90043B895724DBDC668CD7, FDDA7F0D2221557C6A6E0F3603A4DFB4369ADD3195FF1AC8F4A2BE40C1C28CC6 ] STRATO HiDrive Service C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
13:18:14.0502 0x28e8 STRATO HiDrive Service - ok
13:18:14.0502 0x28e8 svsvc - ok
13:18:14.0518 0x28e8 swenum - ok
13:18:14.0518 0x28e8 swprv - ok
13:18:14.0846 0x28e8 [ C653C8A3D3079A7D03F8DAB6C5FE6DD7, 7A0A6F6697227924F9EEB6CA020D807746FADAEC1D27096A9A9F7FC5B54DC593 ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
13:18:14.0987 0x28e8 syncagentsrv - ok
13:18:15.0018 0x28e8 Synth3dVsc - ok
13:18:15.0018 0x28e8 SysMain - ok
13:18:15.0033 0x28e8 SystemEventsBroker - ok
13:18:15.0049 0x28e8 TabletInputService - ok
13:18:15.0065 0x28e8 [ BCD6A90D6FD757CE9C29DDC850F7F231, 8E736A42B28BE11EC524C40DFA1C7A88BBE10CBC97320F128BCBE44051BBCC81 ] tap0901 C:\WINDOWS\System32\drivers\tap0901.sys
13:18:15.0065 0x28e8 tap0901 - ok
13:18:15.0065 0x28e8 TapiSrv - ok
13:18:15.0096 0x28e8 Tcpip - ok
13:18:15.0096 0x28e8 Tcpip6 - ok
13:18:15.0096 0x28e8 tcpipreg - ok
13:18:15.0096 0x28e8 tdx - ok
13:18:15.0112 0x28e8 terminpt - ok
13:18:15.0127 0x28e8 TermService - ok
13:18:15.0127 0x28e8 Themes - ok
13:18:15.0190 0x28e8 [ D66C989F0C86A11472A57963841643D4, B75C1645512DE29281DE28AB125CFB449E75D285BF3EF577FD4A096DF3FF7260 ] tib C:\WINDOWS\system32\DRIVERS\tib.sys
13:18:15.0205 0x28e8 tib - ok
13:18:15.0221 0x28e8 [ 0F9FD35675C7B29AA01DF7CA038FC18C, E0FE87FBD73A9070D6C900BC535B9B99402005957306562CA1D68AB920CB0EE9 ] tib_mounter C:\WINDOWS\system32\DRIVERS\tib_mounter.sys
13:18:15.0221 0x28e8 tib_mounter - ok
13:18:15.0252 0x28e8 TieringEngineService - ok
13:18:15.0268 0x28e8 [ 3E24B7FE52BC455DA8D6E2CC2B4CA23F, 0AC9C626F0ED7F27CCE0236897D44836789331953AA0A73B2A88E4A91CF996B6 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
13:18:15.0268 0x28e8 tifsfilter - ok
13:18:15.0268 0x28e8 tiledatamodelsvc - ok
13:18:15.0268 0x28e8 TimeBrokerSvc - ok
13:18:15.0299 0x28e8 [ EC4FD4D147985A97E881729E808E6F34, 6C1B15AE8E1F4E3B50856EF2CBFEE28D5FAC9C7276D0922E286A7BD6514DA74A ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
13:18:15.0315 0x28e8 timounter - ok
13:18:15.0346 0x28e8 [ 21AFBEAC264AB4C6A399E41EF7B2A500, 005089F7F971BED5184A36C6FAE21A68117FB1C017B2F00021FA218131E9AC3A ] tnd C:\WINDOWS\system32\DRIVERS\tnd.sys
13:18:15.0362 0x28e8 tnd - ok
13:18:15.0362 0x28e8 TPM - ok
13:18:15.0362 0x28e8 TrkWks - ok
13:18:15.0424 0x28e8 TrustedInstaller - ok
13:18:15.0440 0x28e8 tsusbflt - ok
13:18:15.0440 0x28e8 TsUsbGD - ok
13:18:15.0440 0x28e8 tunnel - ok
13:18:15.0471 0x28e8 tzautoupdate - ok
13:18:15.0471 0x28e8 UASPStor - ok
13:18:15.0487 0x28e8 UcmCx0101 - ok
13:18:15.0487 0x28e8 UcmTcpciCx0101 - ok
13:18:15.0487 0x28e8 UcmUcsi - ok
13:18:15.0487 0x28e8 Ucx01000 - ok
13:18:15.0502 0x28e8 UdeCx - ok
13:18:15.0502 0x28e8 udfs - ok
13:18:15.0502 0x28e8 UEFI - ok
13:18:15.0502 0x28e8 Ufx01000 - ok
13:18:15.0518 0x28e8 UfxChipidea - ok
13:18:15.0518 0x28e8 ufxsynopsys - ok
13:18:15.0518 0x28e8 UI0Detect - ok
13:18:15.0518 0x28e8 umbus - ok
13:18:15.0534 0x28e8 UmPass - ok
13:18:15.0534 0x28e8 UmRdpService - ok
13:18:15.0565 0x28e8 UnistoreSvc - ok
13:18:15.0690 0x28e8 [ FC43877B4625F6EB773C98233EB625C5, 2294E1981A3323606FBD8FC9B35EEC85F47C6E0F6F73C1F6346B5A3492D53F40 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:18:15.0737 0x28e8 UNS - ok
13:18:15.0752 0x28e8 upnphost - ok
13:18:15.0752 0x28e8 UrsChipidea - ok
13:18:15.0752 0x28e8 UrsCx01000 - ok
13:18:15.0752 0x28e8 UrsSynopsys - ok
13:18:15.0768 0x28e8 usbccgp - ok
13:18:15.0768 0x28e8 usbcir - ok
13:18:15.0768 0x28e8 usbehci - ok
13:18:15.0768 0x28e8 usbhub - ok
13:18:15.0784 0x28e8 USBHUB3 - ok
13:18:15.0784 0x28e8 usbohci - ok
13:18:15.0784 0x28e8 usbprint - ok
13:18:15.0784 0x28e8 usbser - ok
13:18:15.0784 0x28e8 USBSTOR - ok
13:18:15.0799 0x28e8 usbuhci - ok
13:18:15.0815 0x28e8 USBXHCI - ok
13:18:15.0815 0x28e8 UserDataSvc - ok
13:18:15.0830 0x28e8 UserManager - ok
13:18:15.0846 0x28e8 UsoSvc - ok
13:18:15.0846 0x28e8 VaultSvc - ok
13:18:15.0893 0x28e8 [ E0BDAB45FEB6A1931A67252CB1396198, BAB0834B9D4BFC48E64F04826D11786780F00CA5A3EA9B753B10A0373299EDE9 ] VBoxDrv C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
13:18:15.0909 0x28e8 VBoxDrv - ok
13:18:15.0940 0x28e8 [ 9A0B657A56AFC4F7E9C00E130A45FC08, C7BA38E3EA8CC9B3417791F462A5287ECE07F297A4FAB79FA411C50AF70AF234 ] VBoxNetLwf C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys
13:18:15.0940 0x28e8 VBoxNetLwf - ok
13:18:15.0955 0x28e8 [ 992352A818AA2E67E3724C056C7385D7, 0A0B4CFCC7AA5AE19B3864E5EC3FE4C1CA7D371BFE5E48047D2893576A601FD9 ] VBoxUSBMon C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
13:18:15.0971 0x28e8 VBoxUSBMon - ok
13:18:15.0971 0x28e8 vdrvroot - ok
13:18:15.0987 0x28e8 vds - ok
13:18:15.0987 0x28e8 VerifierExt - ok
13:18:15.0987 0x28e8 vhdmp - ok
13:18:15.0987 0x28e8 vhf - ok
13:18:16.0018 0x28e8 [ 593D66A1424176B07E1E04B581C636C2, D4E1FA96A1A24DD3EEB3FAB0F32C702C5A621F633007B3D7874995C77CB116E5 ] virtual_file C:\WINDOWS\system32\DRIVERS\virtual_file.sys
13:18:16.0034 0x28e8 virtual_file - ok
13:18:16.0065 0x28e8 vmbus - ok
13:18:16.0065 0x28e8 VMBusHID - ok
13:18:16.0065 0x28e8 vmgid - ok
13:18:16.0112 0x28e8 vmicguestinterface - ok
13:18:16.0112 0x28e8 vmicheartbeat - ok
13:18:16.0127 0x28e8 vmickvpexchange - ok
13:18:16.0127 0x28e8 vmicrdv - ok
13:18:16.0143 0x28e8 vmicshutdown - ok
13:18:16.0143 0x28e8 vmictimesync - ok
13:18:16.0143 0x28e8 vmicvmsession - ok
13:18:16.0143 0x28e8 vmicvss - ok
13:18:16.0143 0x28e8 volmgr - ok
13:18:16.0159 0x28e8 volmgrx - ok
13:18:16.0159 0x28e8 volsnap - ok
13:18:16.0159 0x28e8 volume - ok
13:18:16.0159 0x28e8 vpci - ok
13:18:16.0174 0x28e8 vsmraid - ok
13:18:16.0174 0x28e8 VSS - ok
13:18:16.0174 0x28e8 VSTXRAID - ok
13:18:16.0190 0x28e8 vwifibus - ok
13:18:16.0190 0x28e8 vwififlt - ok
13:18:16.0205 0x28e8 W32Time - ok
13:18:16.0221 0x28e8 w3logsvc - ok
13:18:16.0237 0x28e8 W3SVC - ok
13:18:16.0237 0x28e8 WacomPen - ok
13:18:16.0252 0x28e8 WalletService - ok
13:18:16.0252 0x28e8 wanarp - ok
13:18:16.0252 0x28e8 wanarpv6 - ok
13:18:16.0252 0x28e8 WAS - ok
13:18:16.0268 0x28e8 wbengine - ok
13:18:16.0299 0x28e8 WbioSrvc - ok
13:18:16.0299 0x28e8 wcifs - ok
13:18:16.0299 0x28e8 Wcmsvc - ok
13:18:16.0299 0x28e8 wcncsvc - ok
13:18:16.0315 0x28e8 wcnfs - ok
13:18:16.0315 0x28e8 WdBoot - ok
13:18:16.0315 0x28e8 Wdf01000 - ok
13:18:16.0315 0x28e8 WdFilter - ok
13:18:16.0330 0x28e8 WdiServiceHost - ok
13:18:16.0330 0x28e8 WdiSystemHost - ok
13:18:16.0330 0x28e8 wdiwifi - ok
13:18:16.0330 0x28e8 WdNisDrv - ok
13:18:16.0346 0x28e8 WdNisSvc - ok
13:18:16.0362 0x28e8 WebClient - ok
13:18:16.0362 0x28e8 Wecsvc - ok
13:18:16.0377 0x28e8 WEPHOSTSVC - ok
13:18:16.0393 0x28e8 wercplsupport - ok
13:18:16.0393 0x28e8 WerSvc - ok
13:18:16.0393 0x28e8 WFPLWFS - ok
13:18:16.0409 0x28e8 WiaRpc - ok
13:18:16.0424 0x28e8 WIMMount - ok
13:18:16.0424 0x28e8 WinDefend - ok
13:18:16.0424 0x28e8 WindowsTrustedRT - ok
13:18:16.0440 0x28e8 WindowsTrustedRTProxy - ok
13:18:16.0455 0x28e8 WinHttpAutoProxySvc - ok
13:18:16.0455 0x28e8 WinMad - ok
13:18:16.0627 0x28e8 Winmgmt - ok
13:18:16.0659 0x28e8 WinRM - ok
13:18:16.0659 0x28e8 WINUSB - ok
13:18:16.0659 0x28e8 WinVerbs - ok
13:18:16.0705 0x28e8 wisvc - ok
13:18:16.0721 0x28e8 WlanSvc - ok
13:18:16.0737 0x28e8 wlidsvc - ok
13:18:16.0752 0x28e8 WmiAcpi - ok
13:18:16.0752 0x28e8 wmiApSrv - ok
13:18:16.0752 0x28e8 Wof - ok
13:18:16.0784 0x28e8 workfolderssvc - ok
13:18:16.0799 0x28e8 WPDBusEnum - ok
13:18:16.0799 0x28e8 WpdUpFltr - ok
13:18:16.0799 0x28e8 WpnService - ok
13:18:16.0815 0x28e8 WpnUserService - ok
13:18:16.0877 0x28e8 ws2ifsl - ok
13:18:16.0893 0x28e8 wscsvc - ok
13:18:16.0909 0x28e8 WSDPrintDevice - ok
13:18:16.0909 0x28e8 WSearch - ok
13:18:16.0924 0x28e8 wuauserv - ok
13:18:16.0940 0x28e8 WudfPf - ok
13:18:16.0940 0x28e8 WUDFRd - ok
13:18:16.0940 0x28e8 wudfsvc - ok
13:18:16.0940 0x28e8 WUDFWpdFs - ok
13:18:16.0956 0x28e8 WUDFWpdMtp - ok
13:18:16.0956 0x28e8 WwanSvc - ok
13:18:16.0971 0x28e8 XblAuthManager - ok
13:18:16.0987 0x28e8 XblGameSave - ok
13:18:17.0002 0x28e8 xboxgip - ok
13:18:17.0018 0x28e8 XboxNetApiSvc - ok
13:18:17.0034 0x28e8 xinputhid - ok
13:18:17.0034 0x28e8 ================ Scan global ===============================
13:18:17.0112 0x28e8 [ Global ] - ok
13:18:17.0112 0x28e8 ================ Scan MBR ==================================
13:18:17.0127 0x28e8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:18:17.0346 0x28e8 \Device\Harddisk0\DR0 - ok
13:18:17.0346 0x28e8 ================ Scan VBR ==================================
13:18:17.0346 0x28e8 [ 6660F8FDE23FC210D0E309F9B1147F1A ] \Device\Harddisk0\DR0\Partition1
13:18:17.0346 0x28e8 \Device\Harddisk0\DR0\Partition1 - ok
13:18:17.0346 0x28e8 [ 2A5E320E44953B91C74053263A1B711E ] \Device\Harddisk0\DR0\Partition2
13:18:17.0346 0x28e8 \Device\Harddisk0\DR0\Partition2 - ok
13:18:17.0362 0x28e8 [ 864DB2DEC6EFD29C059CC17890866076 ] \Device\Harddisk0\DR0\Partition3
13:18:17.0362 0x28e8 \Device\Harddisk0\DR0\Partition3 - ok
13:18:17.0362 0x28e8 ================ Scan generic autorun ======================
13:18:17.0737 0x28e8 [ 1F590BA022251AF63ED0CD0DAFD49052, 397C28F9C27A851F5893B4271EB5DB38520ED7146DEACDAC82BD5B82D1C2447B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
13:18:18.0096 0x28e8 RTHDVCPL - ok
13:18:18.0174 0x28e8 [ 0CB22F45A985A01E3F41358FA6E4D9BB, F1D5118D1E7E9DEE6EFE6FB251B8BA794898BBF724C5FBE651CA6B13ECC6B669 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
13:18:18.0237 0x28e8 NvBackend - ok
13:18:18.0299 0x28e8 [ E691A4E1BDCC6BD31DCF9C36D3E3AEB0, 137DF526D38188101997803B2B4CB52EBE47D05DDEC5A33E1A5F5C63F356A578 ] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
13:18:18.0315 0x28e8 Acronis Scheduler2 Service - ok
13:18:18.0393 0x28e8 [ 323B5D30CEA1179661F03E87B95B79D8, 1F3A11B908FF01D850DA71EF8FD4CD4D60C3EA76DDF308DA090C4EBF752599CE ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
13:18:18.0409 0x28e8 avgnt - ok
13:18:18.0471 0x28e8 [ F916BA0DA28A4B4F7B1ADE76EB42F088, FB3C91D44709D039E959B275F6ECE26AF9307D272FE3E25CC41EAC259AA3B596 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
13:18:18.0487 0x28e8 SunJavaUpdateSched - ok
13:18:18.0534 0x28e8 [ EA9AFCC83D4BD8AF238BDBF5F76E71BD, 5C0338D685F1EA0EBB29B52F0211502F753B3D48DCAA9DC47B3B3CC6A6ECAE17 ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
13:18:18.0534 0x28e8 Avira SystrayStartTrigger - ok
13:18:18.0596 0x28e8 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
13:18:18.0643 0x28e8 Adobe ARM - ok
13:18:18.0737 0x28e8 [ 4C6AAABB264526A9C845A39AEBB79B69, B27F869E8B44CC5F1F9ADCA53AA848C16D706587ED9C7F995AE59BF9B0426523 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
13:18:18.0753 0x28e8 StartCCC - ok
13:18:18.0799 0x28e8 [ 44D0198A661F67F709D0FD232DAF3E16, FC441E8AE34AE444DAA507ADDCB2F78574A28C86573C7215336CE227BD38DAEA ] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
13:18:18.0799 0x28e8 AcronisTibMounterMonitor - ok
13:18:19.0034 0x28e8 [ C00A993D99DCB1649865961EB233BB6F, 05AF804DCB41A7560834A8CD51771085F4874B15A7473C9563C01E41D2780D68 ] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
13:18:19.0237 0x28e8 TrueImageMonitor.exe - ok
13:18:19.0331 0x28e8 OneDriveSetup - ok
13:18:19.0331 0x28e8 OneDriveSetup - ok
13:18:19.0378 0x28e8 VoipGain - ok
13:18:19.0409 0x28e8 VoipConnect - ok
13:18:19.0706 0x28e8 [ 4A4FF358B1ECCAEDBBDAEF293613CEC5, 0697FCBC726F2BC2573495CD878F9309235DB7289DD76FB9406233D01D546272 ] C:\Program Files\CCleaner\CCleaner64.exe
13:18:19.0956 0x28e8 CCleaner Monitoring - ok
13:18:20.0096 0x28e8 [ 1D7DD340E13DF9585EABB849CFC3E11B, 31CCD9753402DC030C641214B4ECB48A757BCD9F427A143A88745C62EFF87766 ] C:\Users\Terra_Nova\AppData\Local\Microsoft\OneDrive\OneDrive.exe
13:18:20.0112 0x28e8 OneDrive - ok
13:18:20.0174 0x28e8 Uninstall C:\Users\Terra_Nova\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64 - ok
13:18:20.0221 0x28e8 [ 04B991710C201FF21E7B07F287B7D384, 5442DEACBB335AB7910A4FCFAAC4558A2FFA859CFB002086DFC992D5C8F68722 ] C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe
13:18:20.0237 0x28e8 OV2_Monitor - ok
13:18:20.0237 0x28e8 Uninstall C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64 - ok
13:18:20.0253 0x28e8 Uninstall C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1 - ok
13:18:20.0253 0x28e8 OneDriveSetup - ok
13:18:20.0299 0x28e8 WAB Migrate - ok
13:18:20.0299 0x28e8 Waiting for KSN requests completion. In queue: 33
13:18:21.0315 0x28e8 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\WindowsSecurityCenter.exe ( 15.0.27.34 ), 0x41000 ( enabled : updated )
13:18:21.0315 0x28e8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.1198 ), 0x62100 ( disabled : updated )
13:18:21.0315 0x28e8 Win FW state via NFP2: enabled ( trusted )
13:18:21.0409 0x28e8 ============================================================
13:18:21.0409 0x28e8 Scan finished
13:18:21.0409 0x28e8 ============================================================
13:18:21.0409 0x2710 Detected object count: 0
13:18:21.0409 0x2710 Actual detected object count: 0
r. |
|
24.06.2017, 13:07
| #5 |
| /// TB-Ausbilder | Windows 10: Malwarebyte findet Trojan.Agent.BHO Servus, ja, du hast alles richtig gemacht.  Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2
Schritt 3 Downloade Dir bitte Malwarebytes Anti-Malware 3
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
24.06.2017, 14:24
| #6 |
| | Windows 10: Malwarebyte findet Trojan.Agent.BHO Hallo Matthias, geschafft :-) so zuerst ADW Code:
ATTFilter AdwCleaner v6.047 - Bericht erstellt am 24/06/2017 um 14:22:13
# Aktualisiert am 19/05/2017 von Malwarebytes
# Datenbank : 2017-06-23.1 [Lokal]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : xxx
# Gestartet von : C:\Users\xxx y xxx\Desktop\adwcleaner_6.047.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
Keine schädlichen Dienste gefunden.
***** [ Ordner ] *****
Keine schädlichen Ordner gefunden.
***** [ Dateien ] *****
Keine schädlichen Dateien gefunden.
***** [ DLL ] *****
Keine infizierten DLLs gefunden.
***** [ WMI ] *****
Keine schädlichen Schlüssel gefunden.
***** [ Verknüpfungen ] *****
Keine infizierten Verknüpfungen gefunden.
***** [ Aufgabenplanung ] *****
Keine schädlichen Aufgaben gefunden.
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Headlight
Schlüssel Gefunden: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\AppDataLow\Software\Headlight
Schlüssel Gefunden: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Conduit
Schlüssel Gefunden: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Headlight
Schlüssel Gefunden: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Headlight
Daten Gefunden: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxps://safesearch.avira.com/#web/result?source=art&q=
Daten Gefunden: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxps://safesearch.avira.com/#web/result?source=ar
***** [ Internetbrowser ] *****
Firefox pref Gefunden: [C:\Users\xxx y xxx\AppData\Roaming\Mozilla\Firefox\Profiles\d9v9l3fs.default-1401512288368\prefs.js] - "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.co
Firefox pref Gefunden: [C:\Users\xxx y xxx\AppData\Roaming\Mozilla\Firefox\Profiles\d9v9l3fs.default-1401512288368\prefs.js] - "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.co
Firefox pref Gefunden: [C:\Users\xxx y xxx\AppData\Roaming\Mozilla\Firefox\Profiles\d9v9l3fs.default-1401512288368\prefs.js] - "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.co
Firefox pref Gefunden: [C:\Users\xxx y xxx\AppData\Roaming\Mozilla\Firefox\Profiles\d9v9l3fs.default-1401512288368\prefs.js] - "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.co
Firefox pref Gefunden: [C:\Users\xxx y xxx\AppData\Roaming\Mozilla\Firefox\Profiles\d9v9l3fs.default-1401512288368\prefs.js] - "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.co
Firefox pref Gefunden: [C:\Users\xxx y xxx\AppData\Roaming\Mozilla\Firefox\Profiles\d9v9l3fs.default-1401512288368\prefs.js] - "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.co
Firefox pref Gefunden: [C:\Users\xxx y xxx\AppData\Roaming\Mozilla\Firefox\Profiles\d9v9l3fs.default-1401512288368\prefs.js] - "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.in
Firefox pref Gefunden: [C:\Users\xxx y xxx\AppData\Roaming\Mozilla\Firefox\Profiles\d9v9l3fs.default-1401512288368\prefs.js] - "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.in
Firefox pref Gefunden: [C:\Users\xxx y xxx\AppData\Roaming\Mozilla\Firefox\Profiles\d9v9l3fs.default-1401512288368\prefs.js] - "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.in
Firefox pref Gefunden: [C:\Users\xxx y xxx\AppData\Roaming\Mozilla\Firefox\Profiles\d9v9l3fs.default-1401512288368\prefs.js] - "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.in
Firefox pref Gefunden: [C:\Users\xxx y xxx\AppData\Roaming\Mozilla\Firefox\Profiles\d9v9l3fs.default-1401512288368\prefs.js] - "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.th
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.
*************************
C:\AdwCleaner\AdwCleaner[R0].txt - [2392 Bytes] - [30/05/2014 13:27:40]
C:\AdwCleaner\AdwCleaner[R1].txt - [1160 Bytes] - [30/05/2014 13:33:26]
C:\AdwCleaner\AdwCleaner[R2].txt - [1281 Bytes] - [30/05/2014 19:31:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [2351 Bytes] - [30/05/2014 13:28:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [1222 Bytes] - [30/05/2014 13:34:30]
C:\AdwCleaner\AdwCleaner[S2].txt - [1342 Bytes] - [30/05/2014 19:32:37]
C:\AdwCleaner\AdwCleaner[S3].txt - [5902 Bytes] - [24/06/2017 14:18:58]
C:\AdwCleaner\AdwCleaner[S4].txt - [5081 Bytes] - [24/06/2017 14:22:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [5154 Bytes] ##########
Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 24.06.17
Scan-Zeit: 14:47
Protokolldatei: mbam.txt
Administrator: Nein
-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.141
Version des Aktualisierungspakets: 1.0.2222
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: xxx
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 485595
Erkannte Bedrohungen: 0
(keine bösartigen Elemente erkannt)
In die Quarantäne verschobene Bedrohungen: 0
(keine bösartigen Elemente erkannt)
Abgelaufene Zeit: 13 Min., 58 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
durchgeführt von xxx (Administrator) auf xxx-PC (24-06-2017 15:03:51)
Gestartet von C:\Users\xxx y xxx\Desktop
Geladene Profile: xxx & xxx y xxx & (Verfügbare Profile: xxx & xxx y xxx & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 11\ouservice\StarMoneyOnlineUpdate.exe
(STRATO) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1439_none_7efe016621f50bd0\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-06-29] (NVIDIA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [567088 2016-10-14] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [NWEReboot] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [918008 2017-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [421768 2016-04-25] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7382232 2016-10-14] ()
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\Run: [VoipGain] => C:\Program Files (x86)\VoipGain.com\VoipGain\voipgain.exe [23054936 2014-12-13] (VoipGain)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [36547168 2016-04-10] (VoipConnect)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\RunOnce: [Uninstall C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].txt [12458 2017-06-24] ()
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814005\...\Run: [VoipGain] => C:\Program Files (x86)\VoipGain.com\VoipGain\voipgain.exe [23054936 2014-12-13] (VoipGain)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814005\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [36547168 2016-04-10] (VoipConnect)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814005\...\RunOnce: [Uninstall C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814005\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].txt [12458 2017-06-24] ()
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\Run: [OV2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe [231784 2013-01-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\RunOnce: [Uninstall C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\RunOnce: [Uninstall C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {1d46483e-4cf7-11e7-8dfb-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {2574d6c8-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {2574d762-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {2574d79c-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {4ee8ad62-31ce-11e7-8def-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {5fb1e021-71b2-11e6-8dbe-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {a1772a20-e3e2-11e6-8dde-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {b095eec6-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {b095ef46-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {b095ef58-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {dedb0a57-e5f6-11e6-8ddf-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {e04e85cf-0ae9-11e7-8de8-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {e84323e1-3bf2-11e7-8df7-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {e8432568-3bf2-11e7-8df7-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\Run: [OV2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe [231784 2013-01-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\RunOnce: [Uninstall C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\RunOnce: [Uninstall C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {1d46483e-4cf7-11e7-8dfb-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {2574d6c8-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {2574d762-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {2574d79c-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {4ee8ad62-31ce-11e7-8def-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {5fb1e021-71b2-11e6-8dbe-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {a1772a20-e3e2-11e6-8dde-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {b095eec6-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {b095ef46-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {b095ef58-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {dedb0a57-e5f6-11e6-8ddf-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {e04e85cf-0ae9-11e7-8de8-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {e84323e1-3bf2-11e7-8df7-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\MountPoints2: {e8432568-3bf2-11e7-8df7-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144817141\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e7690fc1-1796-4cb4-b365-595a25d2511c}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ypuqh6j4.default-1484483457845 [2017-06-05]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-17] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-03-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1244408 2016-10-14] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-11-20] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128432 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1524216 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [374352 2017-05-22] (Avira Operations GmbH & Co. KG)
R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2016-06-20] (Sirrix AG) [Datei ist nicht signiert]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-11-25] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 11 OnlineUpdate; C:\Program Files (x86)\StarMoney 11\ouservice\StarMoneyOnlineUpdate.exe [701040 2017-02-21] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 STRATO HiDrive Service; C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) [Datei ist nicht signiert]
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-04-16] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [167504 2017-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [164824 2017-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [366432 2016-11-20] (Acronis International GmbH)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-24] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-24] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1267552 2016-11-20] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [193376 2016-11-20] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [601432 2016-11-20] (Acronis International GmbH)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [182480 2016-04-29] (Oracle Corporation)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [279392 2016-09-22] (Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-06-24 14:46 - 2017-06-24 14:48 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-24 14:46 - 2017-06-24 14:46 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-24 14:46 - 2017-06-24 14:46 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-24 14:46 - 2017-06-24 14:46 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-24 14:46 - 2017-06-24 14:46 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-24 14:46 - 2017-06-24 14:46 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-24 14:46 - 2017-06-24 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-24 14:46 - 2017-06-24 14:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-24 14:46 - 2017-06-24 14:46 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-24 14:46 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-24 14:44 - 2017-06-24 14:44 - 64232976 _____ (Malwarebytes ) C:\Users\xxx y xxx\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-24 14:38 - 2017-06-24 14:38 - 00566128 _____ (Malwarebytes) C:\Users\xxx y xxx\Desktop\mbam-clean-2.3.0.1001.exe
2017-06-24 14:13 - 2017-06-24 14:13 - 04110280 _____ C:\Users\xxx y xxx\Desktop\adwcleaner_6.047.exe
2017-06-24 13:53 - 2017-06-24 13:54 - 00053701 _____ C:\Users\xxx y xxx\Desktop\Unbenannt 3.odt
2017-06-24 13:17 - 2017-06-24 13:50 - 00078142 _____ C:\TDSSKiller.3.1.0.15_24.06.2017_13.17.54_log.txt
2017-06-24 13:16 - 2017-06-24 13:17 - 00053267 _____ C:\Users\xxx y xxx\Desktop\Addition.txt
2017-06-24 13:07 - 2017-06-24 13:17 - 00078288 _____ C:\TDSSKiller.3.1.0.15_24.06.2017_13.07.55_log.txt
2017-06-24 13:06 - 2017-06-24 13:06 - 04922400 _____ (AO Kaspersky Lab) C:\Users\xxx y xxx\Downloads\tdsskiller.exe
2017-06-24 13:06 - 2017-06-24 13:06 - 04922400 _____ (AO Kaspersky Lab) C:\Users\xxx y xxx\Desktop\tdsskiller.exe
2017-06-24 13:01 - 2017-06-24 15:04 - 00027491 _____ C:\Users\xxx y xxx\Desktop\FRST.txt
2017-06-24 13:00 - 2017-06-24 15:03 - 00000000 ____D C:\FRST
2017-06-24 12:59 - 2017-06-24 12:59 - 02439680 _____ (Farbar) C:\Users\xxx y xxx\Desktop\FRST64.exe
2017-06-23 13:15 - 2017-06-23 13:15 - 01008793 _____ C:\Users\xxx y xxx\Downloads\aktuell.pdf
2017-06-17 09:54 - 2017-06-17 09:54 - 01886221 _____ C:\Users\xxx y xxx\Downloads\1409_RE13_Kaldenkirchen-Venlo_Juni_01b(1).pdf
2017-06-17 09:52 - 2017-06-17 09:52 - 01886221 _____ C:\Users\xxx y xxx\Downloads\1409_RE13_Kaldenkirchen-Venlo_Juni_01b.pdf
2017-06-17 09:14 - 2017-06-17 09:14 - 00130539 _____ C:\Users\xxx y xxx\Downloads\4036321129515532 - 1PLUS CARD_2017_06_16.pdf
2017-06-17 09:11 - 2017-06-17 09:11 - 00308118 _____ C:\Users\xxx y xxx\Downloads\20170612_KaufFondsZertifikate_1007966421_78197737.pdf
2017-06-16 07:04 - 2017-06-16 07:03 - 00060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2017-06-15 15:03 - 2017-06-15 15:03 - 00517064 _____ C:\Users\xxx y xxx\Downloads\anschriftenaenderung.pdf
2017-06-15 13:53 - 2017-06-15 13:53 - 00047023 _____ C:\Users\xxx y xxx\Downloads\medipreis-produktsteckbrief-selergo-1-creme-20-g-almirall-hermal-gmbh-06714060.pdf
2017-06-15 01:10 - 2017-06-15 01:10 - 00000000 ____D C:\WINDOWS\Panther
2017-06-14 20:47 - 2017-06-14 20:47 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 20:31 - 2017-06-14 20:32 - 1281774100 _____ C:\Users\xxx y xxx\Downloads\Tatort_17.06.11_20-15_ard_90_TVOON_DE.mpg.HD.avi
2017-06-14 19:26 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 19:25 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 19:25 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 19:25 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 19:25 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 19:25 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 19:25 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 19:25 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 19:25 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 19:25 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 19:25 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 19:25 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 19:25 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 19:25 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 19:25 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 19:25 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 19:25 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 19:25 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 19:25 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 19:25 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 19:25 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 19:25 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 19:25 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 19:25 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 19:25 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 19:25 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 19:25 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 19:25 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 19:25 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 19:25 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 19:25 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 19:25 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 19:25 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 19:24 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 19:24 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 19:24 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 19:24 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 19:24 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 19:24 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 19:24 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 19:24 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 19:24 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 19:24 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 19:24 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 19:24 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 19:24 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 19:24 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 19:24 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 19:15 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 19:15 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 19:15 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 19:15 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 19:14 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 19:14 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 19:14 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 19:14 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 19:14 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 19:14 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 19:14 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 19:14 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 19:14 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 19:14 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 19:14 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 19:14 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 19:14 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 19:14 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 19:14 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 19:14 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 19:14 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 19:14 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 19:14 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 19:14 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 19:14 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 19:14 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 19:14 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 19:14 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 19:14 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 19:14 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 19:14 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 19:13 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 19:13 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 19:13 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 19:13 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 19:13 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 19:13 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 19:13 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 19:13 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 19:13 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 19:13 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 19:13 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 19:13 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 19:13 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 19:13 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 19:13 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 19:13 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 19:13 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 19:13 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 19:13 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 19:13 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 19:13 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 19:13 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 19:13 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 19:13 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 19:13 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 19:12 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 19:12 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 19:12 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 19:12 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 19:12 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 19:12 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 19:12 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 19:12 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 19:12 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 19:12 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 19:12 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 19:12 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 19:12 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 19:12 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 19:12 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 19:12 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 19:12 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 19:12 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 19:11 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 19:11 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 19:11 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 19:11 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 19:11 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 19:11 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 19:11 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 19:11 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 19:11 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 19:11 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 19:11 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 19:11 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 19:11 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 19:11 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 19:05 - 2017-06-14 19:06 - 1167375480 _____ C:\Users\xxx y xxx\Downloads\Sherlock_Das_letzte_Problem_S04E03_17.06.11_21-45_ard_90_TVOON_DE.mpg.HD.avi
2017-06-11 17:04 - 2017-06-14 19:47 - 00011672 _____ C:\Users\xxx y xxx\Desktop\Unbenannt 1.odt
2017-06-11 16:07 - 2017-06-11 16:08 - 00095582 _____ C:\Users\xxx y xxx\Downloads\Briefmarken.2Stk.11.06.2017_1607.pdf
2017-06-11 13:49 - 2017-06-11 13:49 - 00165740 _____ C:\Users\xxx y xxx\Downloads\FILELOAD
2017-06-10 12:49 - 2017-06-10 12:49 - 00001064 _____ C:\Users\Public\Desktop\HiSuite.lnk
2017-06-10 12:49 - 2017-06-10 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2017-06-10 12:48 - 2017-06-10 12:49 - 00000000 ____D C:\Program Files (x86)\HiSuite
2017-06-10 12:48 - 2017-04-11 04:17 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2017-06-10 12:48 - 2017-04-11 04:17 - 00226560 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2017-06-10 12:48 - 2017-04-11 04:17 - 00127360 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_cdcacm.sys
2017-06-10 12:48 - 2017-04-11 04:17 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2017-06-09 17:25 - 2017-06-09 17:26 - 00766472 _____ C:\Users\xxx y xxx\Downloads\Moerderische Nachbarn.epub
2017-05-31 18:01 - 2017-05-31 18:01 - 00000000 ____D C:\Users\xxx y xxx\Desktop\IMG_20170521_194740
2017-05-31 18:00 - 2017-05-31 18:00 - 00000000 ____D C:\Users\xxx y xxx\AppData\Roaming\WinRAR
2017-05-31 18:00 - 2017-05-31 18:00 - 00000000 ____D C:\Users\xxx\AppData\Roaming\WinRAR
2017-05-31 17:59 - 2017-05-31 18:17 - 00000000 ____D C:\Program Files\WinRAR
2017-05-27 15:24 - 2017-05-27 15:24 - 01509200 _____ C:\Users\xxx y xxx\Downloads\Por-andar-vestida-de-hombre--Julio-Csar-Gonzlez-Pags.pdf
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-06-24 14:43 - 2016-11-18 20:01 - 00000000 ____D C:\Users\xxx y xxx\AppData\LocalLow\Mozilla
2017-06-24 14:41 - 2016-08-31 18:35 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-24 14:41 - 2016-08-06 14:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-24 14:40 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-06-24 14:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-24 14:22 - 2014-05-30 13:27 - 00000000 ____D C:\AdwCleaner
2017-06-24 14:01 - 2016-08-06 14:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-24 10:03 - 2015-09-27 18:33 - 00000000 ____D C:\Users\xxx\AppData\Local\Packages
2017-06-24 10:02 - 2016-08-06 14:08 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-24 10:02 - 2016-02-13 19:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-24 09:33 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-06-24 09:30 - 2012-11-18 10:16 - 00000000 ____D C:\Program Files (x86)\GetRight
2017-06-24 07:06 - 2017-01-27 21:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-24 07:06 - 2012-11-24 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-23 13:13 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-23 01:19 - 2017-03-18 14:09 - 00000000 ____D C:\Program Files (x86)\StarMoney 11
2017-06-22 17:54 - 2015-05-12 17:44 - 00000000 ____D C:\Program Files (x86)\StarMoney 10
2017-06-18 18:54 - 2016-08-06 14:15 - 02400870 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-18 18:54 - 2016-07-17 00:51 - 00954776 _____ C:\WINDOWS\system32\perfh007.dat
2017-06-18 18:54 - 2016-07-17 00:51 - 00230828 _____ C:\WINDOWS\system32\perfc007.dat
2017-06-18 13:35 - 2016-08-06 14:53 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-06-18 13:33 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-17 10:39 - 2014-07-04 22:51 - 00000000 ____D C:\Users\xxx y xxx\AppData\Roaming\vlc
2017-06-16 07:06 - 2012-10-16 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-16 07:03 - 2016-10-10 18:33 - 00038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-06-16 07:03 - 2013-03-28 20:12 - 00167504 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-06-16 07:03 - 2013-03-28 20:12 - 00164824 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-06-15 15:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 01:11 - 2016-08-06 14:16 - 00000000 ____D C:\Users\xxx y xxx
2017-06-15 01:09 - 2016-08-06 14:05 - 00260872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 01:09 - 2012-05-10 17:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 01:09 - 2012-05-10 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 20:47 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 20:47 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 20:47 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 20:04 - 2013-10-11 16:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 19:56 - 2012-05-10 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 19:56 - 2012-04-03 18:28 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 19:55 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-10 20:25 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-10 12:49 - 2016-09-03 10:06 - 00000000 ____D C:\Users\xxx\AppData\Local\Hisuite
2017-06-05 11:51 - 2017-01-15 14:30 - 00000000 ____D C:\Users\xxx\AppData\LocalLow\Mozilla
2017-06-05 11:51 - 2016-08-06 14:16 - 00000000 ____D C:\Users\DefaultAppPool
2017-06-05 11:51 - 2012-04-06 13:50 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-05 11:39 - 2015-11-14 13:54 - 00000000 ____D C:\Users\xxx y xxx\Downloads\Bücher
2017-06-05 11:31 - 2016-10-09 13:44 - 00000000 ___RD C:\Users\xxx y xxx\Downloads\Kurzfilme
2017-06-04 13:37 - 2017-01-01 14:19 - 00000000 ____D C:\Users\xxx y xxx\Documents\korAccount
2017-06-04 13:37 - 2016-04-29 16:53 - 00000000 ____D C:\Users\xxx\AppData\Local\ElevatedDiagnostics
2017-06-04 13:37 - 2012-04-01 14:57 - 00000000 ____D C:\Users\xxx y xxx\AppData\Roaming\korAccount
2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-02 21:42 - 2014-08-01 22:52 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-06-02 21:40 - 2016-08-06 14:16 - 00000000 ____D C:\Users\xxx
2017-05-31 18:08 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\registration
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-06-16 16:38
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
durchgeführt von xxx (24-06-2017 15:05:12)
Gestartet von C:\Users\xxx y xxx\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-06 13:34:27)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1972467013-2157606943-3240702937-500 - Administrator - Disabled)
BitBox (S-1-5-21-1972467013-2157606943-3240702937-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-1972467013-2157606943-3240702937-503 - Limited - Disabled)
Gast (S-1-5-21-1972467013-2157606943-3240702937-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1972467013-2157606943-3240702937-1002 - Limited - Enabled)
xxx (S-1-5-21-1972467013-2157606943-3240702937-1000 - Administrator - Enabled) => C:\Users\xxx
xxx y xxx (S-1-5-21-1972467013-2157606943-3240702937-1003 - Limited - Enabled) => C:\Users\xxx y xxx
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image (HKLM-x32\...\{E5F28743-0DB5-42C1-8B70-5986D88C0BE0}Visible) (Version: 19.0.6581 - Acronis)
Acronis True Image (x32 Version: 19.0.6581 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.27.34 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{b9b31169-be62-4b82-9e65-d47c99299ba1}) (Version: 1.2.88.24864 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.88.24864 - Avira Operations GmbH & Co. KG) Hidden
Biet-O-Matic v2.14.8 (HKLM-x32\...\Biet-O-Matic v2.14.8) (Version: 2.14.8 - BOM Development Team)
Bitcoin (HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\Bitcoin) (Version: 0.8.6 - Bitcoin project)
Bitcoin (HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814005\...\Bitcoin) (Version: 0.8.6 - Bitcoin project)
Browser in the Box (HKLM-x32\...\BitBox) (Version: 4.3.2-r211 - Sirrix AG)
calibre 64bit (HKLM\...\{CDAEDA67-2C58-43F6-832A-D9C4D84347BA}) (Version: 2.53.0 - Kovid Goyal)
Canon iP7200 series Benutzerregistrierung (HKLM-x32\...\Canon iP7200 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.27.1025 - Foxit Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows (HKLM-x32\...\{E40CE517-0D42-4198-96B4-C8232B257EB5}) (Version: 1.13 - Western Digital Corporation)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ffdshow [rev 3154] [2009-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
GetRight 5.2d (HKLM-x32\...\GetRight_is1) (Version: - Headlight Software, Inc.)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
korAccount (HKLM-x32\...\{ABBF9252-A2F0-4770-8557-FFC357EA0F37}) (Version: 4.0.6.0 - Kornelius)
LibreOffice 5.0.5.2 (HKLM-x32\...\{43D862C3-739D-4FF6-91C0-25612368CC81}) (Version: 5.0.5.2 - The Document Foundation)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 54.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 de)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NVIDIA 3D Vision Treiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Grafiktreiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{AEE39224-92BE-4389-9493-E57FF73BB96A}) (Version: 1.3.1 - OLYMPUS IMAGING CORP.)
Oracle VM VirtualBox 5.0.20_Sirrix (HKLM\...\{D5D3DA57-5784-4703-845B-7AC08D13C4DE}) (Version: 5.0.20 - Sirrix AG)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 9.0.3.168 - Recover Keys)
Spotify (HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Spotify (HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
StarMoney (x32 Version: 3.0.3.19 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney (x32 Version: 6.0.0.313 - StarFinanz) Hidden
StarMoney 10 (HKLM-x32\...\{4A1988CE-0DEA-412B-8624-31A260263254}) (Version: 10 - Star Finanz GmbH)
StarMoney 11 (HKLM-x32\...\{A0F298D4-9F6A-444D-A434-7C9F6DFF34FF}) (Version: 11 - Star Finanz GmbH)
StarMoney 9.0 (HKLM-x32\...\{E3F4EED3-A8DB-4751-9BAC-2C54B2EC12C0}) (Version: 9.0 - Star Finanz GmbH)
STRATO HiDrive (remove only) (HKLM-x32\...\STRATO HiDrive) (Version: - STRATO AG)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VoipConnect (HKLM-x32\...\VoipConnect_is1) (Version: 4.13 build 732 - Finarea S.A. Switzerland)
VoipGain (HKLM-x32\...\VoipGain_is1) (Version: 4.09 build 660 - Finarea S.A. Switzerland)
Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17349 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\2F30E6DAC57CFBE9B670FFE89D9E2009ACA4666C) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{9CD347AD-C3CB-40AA-B693-0D090B309F7C}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2017 (HKLM-x32\...\{6B95FF21-CEC5-41B6-A36F-D40B0CE3F561}) (Version: 24.00.1375 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{66D1331F-5388-486F-BF77-847F6CBD0043}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{1D311707-0AAB-43F6-A9B3-468555554C19}) (Version: 22.00.8811 - Buhl Data Service GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0101F20B-D273-42D7-BC11-0C2E82F4A4C7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {047A26EA-E65C-4BEC-90DE-CA3BBE92BBB4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0E9DA4C4-D39A-4D98-B803-942DBDB9359D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {169EABC2-63A7-46F4-B474-FC1BEF7CAF7A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {17B53C2E-5E20-4023-A946-F5122CE7B583} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {20A80F12-7846-4E07-9AC7-7E9825AFC1E4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {21BD8E56-FF1C-4D43-B03C-999866E98523} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {22AE36B0-CAC9-4163-8AC1-7A539B7760B8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {282DA29B-55E0-437B-824F-DC4D02686C48} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {2BD99794-C7B1-4DA7-9DA8-08DE8CC227DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {2DBBF6DA-005C-4915-A19A-A329D7297044} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34B53ED6-3023-4BF4-A0D9-EE26138231A9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {4232FBBB-6E8F-4D1D-8E6C-BA8C7214D8B9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {47B78AAA-9A95-4BAC-8AFA-16CE1DBE4870} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {50DBC6DA-88B7-41C1-8AF7-21E6145AE8DA} - System32\Tasks\{78A448D7-22A9-4CC7-B099-543040F26CC6} => pcalua.exe -a C:\Users\xxx\Downloads\WISOSteuersoftware2012.exe -d C:\Windows\system32
Task: {513D3F3D-8E2B-427B-A539-2EF0932E9490} - System32\Tasks\{FFAF333C-D13E-4797-9E90-81987D85DD73} => C:\Users\xxx y xxx\Desktop\bitcoin-0.8.1-win32-setup.exe
Task: {5D1EED4B-B134-445C-8275-D0577B4435BB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {6FD0F5EA-67C0-4869-9CEC-BF7195B08B7C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7338E112-1213-4FE9-8407-9DD7D1CDEB86} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {798F5EF4-937E-4DE3-8A71-78989BA5D897} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8132E3D3-927A-4004-AD9F-F626F91335CA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {82323F0B-CDCF-4721-8B84-0140346D7F60} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {84BD501C-F7AB-4148-940A-BD2A14A6055F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {8A8E1E0A-E7BC-4CA1-B828-47C746E8CC90} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {A5DD998E-F23F-4A7D-87B5-8B77D4CB81CC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A6DC991D-BFFC-475E-9D7C-9853096CE5AE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A97824E0-1CEA-4F24-858F-8030A30D60DA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AACBC7B2-044C-4658-AC2B-7FB2EE867651} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {AD0A6245-467C-42BA-833F-597FF2C139FE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {AF866AD2-7F9B-47AE-82B3-D62A6947D4BA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B6D591D1-38E7-4439-8D1C-AC587FF1C8A5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C07510B7-8FD2-437C-A31A-62D5FD02C503} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {C2D1A508-31E4-441A-A131-448375E2748C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C47DB370-B977-413B-AF68-22B24271957A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6A19B7F-B746-4532-B74B-CF7B3A14914C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D0DE78F0-48B4-45D4-A868-6C24698D254D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-17] (Adobe Systems Incorporated)
Task: {DCCA43DD-29F7-401D-AE68-8012D4C0BADD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E3F62F4C-1F20-4C11-9083-3216E0A6A0E8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F766E8FF-8CC1-40BD-BAB4-3726D5020251} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 19:12 - 2017-06-03 12:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-31 18:33 - 2016-11-14 13:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-14 15:31 - 2016-10-14 15:31 - 01244408 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2016-11-20 14:14 - 2016-11-20 14:14 - 04463592 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2017-04-11 04:17 - 2017-04-11 04:17 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-08-06 15:48 - 2016-08-06 15:48 - 00959168 _____ () C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-09-15 17:14 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 21:20 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 21:21 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 21:21 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 21:21 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 19:12 - 2017-06-03 10:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 19:12 - 2017-06-03 10:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 19:12 - 2017-06-03 10:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-16 12:56 - 2016-04-16 12:56 - 09698296 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2017-06-21 10:11 - 2017-06-21 10:11 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 10:11 - 2017-06-21 10:11 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 10:11 - 2017-06-21 10:12 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 10:11 - 2017-06-21 10:11 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-24 14:46 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2010-12-23 12:06 - 2010-12-23 12:06 - 00028672 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\cx_Logging.pyd
2012-10-27 16:21 - 2012-10-27 16:21 - 00098816 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32api.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00110080 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pywintypes27.dll
2012-10-27 16:20 - 2012-10-27 16:20 - 00018432 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32event.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00119808 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32file.pyd
2012-10-27 16:21 - 2012-10-27 16:21 - 00167936 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32gui.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00024064 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32pipe.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00035840 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32process.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00017408 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32profile.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00108544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32security.pyd
2012-10-27 16:21 - 2012-10-27 16:21 - 00022528 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32ts.pyd
2012-10-27 16:22 - 2012-10-27 16:22 - 00364544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pythoncom27.dll
2012-10-27 16:23 - 2012-10-27 16:23 - 00320512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32com.shell.shell.pyd
2014-06-30 17:04 - 2014-06-30 17:04 - 00087552 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ctypes.pyd
2014-06-30 17:04 - 2014-06-30 17:04 - 00715264 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_hashlib.pyd
2014-06-30 17:03 - 2014-06-30 17:03 - 00046080 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_socket.pyd
2014-06-30 17:04 - 2014-06-30 17:04 - 01160704 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ssl.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00025600 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32cred.pyd
2014-04-14 16:06 - 2014-04-14 16:06 - 00055510 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pacparser._pacparser.pyd
2014-04-14 16:06 - 2014-04-14 16:06 - 00976827 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pacparser.dll
2012-10-27 16:20 - 2012-10-27 16:20 - 00011264 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32crypt.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00064512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32net.pyd
2015-08-11 15:36 - 2015-08-11 15:36 - 00024896 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll
2016-10-14 15:25 - 2016-10-14 15:25 - 00037808 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2016-10-14 15:48 - 2016-10-14 15:48 - 04355264 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2015-08-23 15:59 - 2015-08-23 15:59 - 00606672 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\sqlite3.dll
2016-10-14 15:47 - 2016-10-14 15:47 - 20605872 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2015-11-16 18:05 - 2015-11-16 18:05 - 00126928 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2016-04-16 12:45 - 2016-04-16 12:45 - 00248240 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2014-08-01 19:14 - 2011-01-13 12:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2016-12-13 19:27 - 2016-01-28 16:33 - 01058624 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\libxml2.dll
2016-12-13 19:27 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll
2017-03-18 14:12 - 2016-01-28 16:33 - 01060160 _____ () C:\Program Files (x86)\StarMoney 11\ouservice\libxml2.dll
2017-03-18 14:12 - 2017-01-23 18:49 - 00232800 _____ () C:\Program Files (x86)\StarMoney 11\ouservice\PATCHW32.dll
2016-10-14 15:25 - 2016-10-14 15:25 - 00445872 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-10-14 15:23 - 2016-10-14 15:23 - 00115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144813267\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144813668\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814005\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Control Panel\Desktop\\Wallpaper -> D:\Fotos\Gran Canaria 2017\IMG_20170401_115843.jpg
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\Control Panel\Desktop\\Wallpaper -> D:\Fotos\Gran Canaria 2017\IMG_20170401_115843.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144817141\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
MSCONFIG\startupreg: OV2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" /OS
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
MSCONFIG\startupreg: VoipConnect => "C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe" -nosplash -minimized
MSCONFIG\startupreg: VoipGain => "C:\Program Files (x86)\VoipGain.com\VoipGain\VoipGain.exe" -nosplash -minimized
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\StartupApproved\Run: => "VoipConnect"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\StartupApproved\Run: => "VoipGain"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814005\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814005\...\StartupApproved\Run: => "VoipConnect"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814005\...\StartupApproved\Run: => "VoipGain"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814005\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\StartupApproved\Run: => "OV2_Monitor"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06242017144814863\...\StartupApproved\Run: => "OV2_Monitor"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
19-06-2017 18:54:08 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: TAP-Win32 Adapter V9
Description: TAP-Win32 Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (06/24/2017 02:19:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_6.047.exe, Version: 6.0.4.7, Zeitstempel: 0x591e43a6
Name des fehlerhaften Moduls: adwcleaner_6.047.exe, Version: 6.0.4.7, Zeitstempel: 0x591e43a6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000211de
ID des fehlerhaften Prozesses: 0x24c
Startzeit der fehlerhaften Anwendung: 0x01d2ece3a0127955
Pfad der fehlerhaften Anwendung: C:\Users\xxx y xxx\Desktop\adwcleaner_6.047.exe
Pfad des fehlerhaften Moduls: C:\Users\xxx y xxx\Desktop\adwcleaner_6.047.exe
Berichtskennung: 7b9c6fb0-44c2-4d2d-bc0d-2bd3557c7f23
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (06/24/2017 01:01:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FRST64.exe, Version: 21.6.2017.1, Zeitstempel: 0x594a8b8e
Name des fehlerhaften Moduls: FRST64.exe, Version: 21.6.2017.1, Zeitstempel: 0x594a8b8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000026765
ID des fehlerhaften Prozesses: 0x2028
Startzeit der fehlerhaften Anwendung: 0x01d2ecd925b9f851
Pfad der fehlerhaften Anwendung: C:\Users\xxx y xxx\Desktop\FRST64.exe
Pfad des fehlerhaften Moduls: C:\Users\xxx y xxx\Desktop\FRST64.exe
Berichtskennung: 3addf986-1780-4fcd-b65a-559027b1dc85
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (06/22/2017 07:16:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: xxx-PC)
Description: Das Paket „Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (06/21/2017 06:46:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: xxx-PC)
Description: Das Paket „Microsoft.Windows.ShellExperienceHost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy+App“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (06/20/2017 07:06:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Microsoft.Photos.exe, Version 1.0.1706.13001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 272c
Startzeit: 01d2e9bc8eebac82
Beendigungszeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Berichts-ID: da215022-55da-11e7-8dfd-8c89a51b1638
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe
Auf das fehlerhafte Paket bezogene Anwendungs-ID: App
Error: (06/20/2017 07:06:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: xxx-PC)
Description: Das Paket „Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (06/19/2017 06:54:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (06/19/2017 06:54:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCorePnPFiles : Opening PnpLockdownFiles key failed.
System Error:
Zugriff verweigert
.
Error: (06/19/2017 06:33:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (06/19/2017 06:33:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCorePnPFiles : Opening PnpLockdownFiles key failed.
System Error:
Zugriff verweigert
.
Systemfehler:
=============
Error: (06/24/2017 02:43:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (06/24/2017 02:41:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Error: (06/24/2017 02:37:08 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (06/24/2017 02:35:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Error: (06/24/2017 02:33:54 PM) (Source: DCOM) (EventID: 10010) (User: xxx-PC)
Description: Der Server "{D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (06/24/2017 02:26:33 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (06/24/2017 02:24:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Error: (06/24/2017 02:22:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.
Error: (06/24/2017 02:22:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error: (06/24/2017 02:22:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 69%
Installierter physikalischer RAM: 4077.64 MB
Verfügbarer physikalischer RAM: 1259.38 MB
Summe virtueller Speicher: 8173.64 MB
Verfügbarer virtueller Speicher: 4450.63 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:536.02 GB) (Free:403.84 GB) NTFS
Drive d: (Volume) (Fixed) (Total:709.88 GB) (Free:485.89 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 210D2946)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=536 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=861.1 GB) - (Type=05)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== Ende von Addition.txt ============================
|
|
24.06.2017, 14:27
| #7 |
| | Windows 10: Malwarebyte findet Trojan.Agent.BHO shortcut Code:
ATTFilter Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 21-06-2017 01
durchgeführt von Benutzernamea (24-06-2017 15:07:16)
Gestartet von C:\Users\Benutzername\Desktop
Start-Modus: Normal
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\xxx\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\xxx\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\xxx\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\xxx\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\xxx\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\xxx ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AA1000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\korAccount.lnk -> C:\Windows\Installer\{ABBF9252-A2F0-4770-8557-FFC357EA0F37}\korAccount.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10-Upgrade-Assistent.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015\WISO Steuer-Sparbuch 2015.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2015\wiso2015.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015\Hilfen\WISO Steuer-Sparbuch 2015 Bedienbuch.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2015\Handbuch\spar2015.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015\Hilfen\WISO Steuer-Sparbuch 2015 Hilfe.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2015\wisohilfe.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015\Hilfen\WISO Steuer-Sparbuch 2015 Steuer-Ratgeber.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2015\Handbuch\sparfb2015.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014\WISO Steuer-Sparbuch 2014.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\wiso2014.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014\Hilfen\WISO Steuer-Sparbuch 2014 Bedienbuch.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\Handbuch\spar2014.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014\Hilfen\WISO Steuer-Sparbuch 2014 Hilfe.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\wisohilfe.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014\Hilfen\WISO Steuer-Sparbuch 2014 Steuer-Ratgeber.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\Handbuch\sparfb2014.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2017\WISO steuer Sparbuch 2017.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2017\wiso2017.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2016\WISO steuer Sparbuch 2016.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2016\wiso2016.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\Help Documentation.lnk -> C:\Program Files (x86)\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\help.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\WinDLG.lnk -> C:\Program Files (x86)\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\WinDlg.exe (Western Digital)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipGain\VoipGain im Internet.lnk -> C:\Program Files (x86)\VoipGain.com\VoipGain\VoipGain.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipGain\VoipGain.lnk -> C:\Program Files (x86)\VoipGain.com\VoipGain\voipgain.exe (VoipGain)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipConnect\VoipConnect im Internet.lnk -> C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipConnect\VoipConnect.lnk -> C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe (VoipConnect)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STRATO AG\STRATO HiDrive.lnk -> C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STRATO AG\Uninstall.lnk -> C:\Program Files (x86)\STRATO AG\STRATO HiDrive\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0\Aktuelle Informationen.lnk -> C:\Program Files (x86)\StarMoney 9.0\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0\Chipkartenleser Setup.lnk -> C:\Program Files (x86)\StarMoney 9.0\app\SCRConfig.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0\Konverter für Fremddaten.lnk -> C:\Program Files (x86)\StarMoney 9.0\app\smkonv.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0\NetViewer.lnk -> C:\Program Files (x86)\StarMoney 9.0\tools\netviewerK6.exe (Netviewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0\StarMoney 9.0.lnk -> C:\Program Files (x86)\StarMoney 9.0\app\StartStarMoney.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0\Zu Ihren StarMoney-Daten.lnk -> C:\ProgramData\StarMoney 9.0\profil ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 11\Aktuelle Informationen.lnk -> C:\Program Files (x86)\StarMoney 11\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 11\Chipkartenleser Setup.lnk -> C:\Program Files (x86)\StarMoney 11\app\SCRConfig.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 11\fastviewer.lnk -> C:\Program Files (x86)\StarMoney 11\tools\FastClient.exe (Fastviewer.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 11\Konverter für Fremddaten.lnk -> C:\Program Files (x86)\StarMoney 11\app\smkonv.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 11\StarMoney 11.lnk -> C:\Program Files (x86)\StarMoney 11\app\StartStarMoney.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 11\TeamViewer.lnk -> C:\Program Files (x86)\StarMoney 11\tools\TeamViewerQS_de-idcfsnhckt.exe (TeamViewer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 11\Zu Ihren StarMoney-Daten.lnk -> C:\ProgramData\StarMoney 11\profil ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10\Aktuelle Informationen.lnk -> C:\Program Files (x86)\StarMoney 10\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10\Chipkartenleser Setup.lnk -> C:\Program Files (x86)\StarMoney 10\app\SCRConfig.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10\Konverter für Fremddaten.lnk -> C:\Program Files (x86)\StarMoney 10\app\smkonv.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10\NetViewer.lnk -> C:\Program Files (x86)\StarMoney 10\tools\netviewerK6.exe (Netviewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10\StarMoney 10.lnk -> C:\Program Files (x86)\StarMoney 10\app\StartStarMoney.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10\Zu Ihren StarMoney-Daten.lnk -> C:\ProgramData\StarMoney 10\profil ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Keys\Recover Keys.lnk -> C:\Program Files (x86)\Recover Keys\RecoverKeys.exe (ONE UP LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Keys\Uninstall Recover Keys\Uninstall Recover Keys.lnk -> C:\Program Files (x86)\Recover Keys\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Deinstallieren.lnk -> C:\Program Files (x86)\Google\Picasa3\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Viewer 2\OLYMPUS Viewer 2 ReadMe.lnk -> C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Viewer 2\OLYMPUS Viewer 2-Hilfe.lnk -> C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OLYMPUSViewer2.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Viewer 2\OLYMPUS Viewer 2.lnk -> C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OLYMPUS Viewer 2.exe (OLYMPUS IMAGING CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Digital Kamera Updater\OLYMPUS Digital Kamera Updater.lnk -> C:\Program Files (x86)\OLYMPUS\CameraUpdateTool\CameraUpdate.exe (OLYMPUS IMAGING CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Digital Kamera Updater\ReadMe des OLYMPUS Digital Kamera Updater.lnk -> C:\Program Files (x86)\OLYMPUS\CameraUpdateTool\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Camera\VG110,D700 Bedienungsanleitung.lnk -> C:\Users\Public\Documents\OLYMPUS\Camera Manual\VG110,D700\DEU.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer\MyPhoneExplorer.lnk -> C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (F.J. Wechselberger)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer\Uninstall.lnk -> C:\Program Files (x86)\MyPhoneExplorer\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0\LibreOffice Base.lnk -> C:\Program Files (x86)\LibreOffice 5\program\sbase.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0\LibreOffice Calc.lnk -> C:\Program Files (x86)\LibreOffice 5\program\scalc.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0\LibreOffice Draw.lnk -> C:\Program Files (x86)\LibreOffice 5\program\sdraw.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0\LibreOffice Impress.lnk -> C:\Program Files (x86)\LibreOffice 5\program\simpress.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0\LibreOffice Math.lnk -> C:\Program Files (x86)\LibreOffice 5\program\smath.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0\LibreOffice Writer.lnk -> C:\Program Files (x86)\LibreOffice 5\program\swriter.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0\LibreOffice.lnk -> C:\Program Files (x86)\LibreOffice 5\program\soffice.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Besuchen Sie Java.com.lnk -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\java.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Hilfe aufrufen.lnk -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\java.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\ImgBurn Read Me.lnk -> C:\Program Files (x86)\ImgBurn\ReadMe.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\Uninstall.lnk -> C:\Program Files (x86)\ImgBurn\uninstall.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite\HiSuite.lnk -> C:\Program Files (x86)\HiSuite\HiSuite.exe (Huawei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite\Uninstall.lnk -> C:\Program Files (x86)\HiSuite\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetRight\GetRight Deinstallieren.lnk -> C:\Program Files (x86)\GetRight\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetRight\GetRight.lnk -> C:\Program Files (x86)\GetRight\GetRight.exe (Headlight Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Uninstall Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow\ffdshow deinstallieren.lnk -> C:\Program Files (x86)\ffdshow\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay\eBay Turbo Lister 2.lnk -> C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe (eBay Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Quick Menu\Quick Menu.lnk -> C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\My Image Garden\My Image Garden.lnk -> C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series Benutzerregistrierung\Benutzerregistrierung.LNK -> C:\Program Files (x86)\Canon\IJEREG\iP7200 series\IJEREG.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series\Liesmich.lnk -> C:\Program Files\CanonBJ\IJPrinter\Canon iP7200 series\readme_German.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\calibre 64bit - E-book management.lnk -> C:\Program Files\Calibre2\calibre.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\E-book viewer 64bit.lnk -> C:\Program Files\Calibre2\ebook-viewer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\Edit E-book 64bit.lnk -> C:\Program Files\Calibre2\ebook-edit.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\LRF viewer 64bit.lnk -> C:\Program Files\Calibre2\lrfviewer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box\Uninstall Browser in the Box.lnk -> C:\Program Files (x86)\Sirrix AG\BitBox\BitBoxuninstall.exe (Sirrix AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\Biet-O-Matic Dokumentation.lnk -> C:\Program Files (x86)\Biet-O-Matic\BOM_DE.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\Biet-O-Matic.lnk -> C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\Lizenz.lnk -> C:\Program Files (x86)\Biet-O-Matic\Lizenz.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\What's New.lnk -> C:\Program Files (x86)\Biet-O-Matic\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\Support\Auto Updater.lnk -> C:\Program Files (x86)\Biet-O-Matic\BOMUpdate.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\Support\BOM Logging Config Tool.lnk -> C:\Program Files (x86)\Biet-O-Matic\BOM Logging Config Tool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic\Support\HTML Log Viewer.lnk -> C:\Program Files (x86)\Biet-O-Matic\HTMLLogViewer.exe (Wave)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Avira Antivirus Hilfe.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\57\avwin.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Avira Antivirus starten.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Avira im Internet.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 4.0\Adobe Digital Editions 4.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 4.0\Help.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 4.0\Home Page.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 4.0\Uninstall.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.0\uninstall.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft® Windows® Operating System)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Acronis True Image.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Acronis System Report.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Bootable*Rescue*Media*Builder.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Acronis True Image.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe ()
Shortcut: C:\Users\Public\Desktop\Adobe Digital Editions 4.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Biet-O-Matic.lnk -> C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
Shortcut: C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk -> C:\Program Files\Calibre2\calibre.exe ()
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk -> C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe (eBay Inc.)
Shortcut: C:\Users\Public\Desktop\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe ()
Shortcut: C:\Users\Public\Desktop\HiSuite.lnk -> C:\Program Files (x86)\HiSuite\HiSuite.exe (Huawei)
Shortcut: C:\Users\Public\Desktop\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\Users\Public\Desktop\LibreOffice 5.0.lnk -> C:\Program Files (x86)\LibreOffice 5\program\soffice.exe (The Document Foundation)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\MyPhoneExplorer.lnk -> C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (F.J. Wechselberger)
Shortcut: C:\Users\Public\Desktop\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Recover Keys.lnk -> C:\Program Files (x86)\Recover Keys\RecoverKeys.exe (ONE UP LTD.)
Shortcut: C:\Users\Public\Desktop\StarMoney 10.lnk -> C:\Program Files (x86)\StarMoney 10\app\StartStarMoney.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH)
Shortcut: C:\Users\Public\Desktop\STRATO HiDrive.lnk -> C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Public\Desktop\WISO steuer Sparbuch 2017.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2017\wiso2017.exe ()
Shortcut: C:\Users\xxx\Links\Desktop.lnk -> C:\Users\xxx\Desktop ()
Shortcut: C:\Users\xxx\Links\Downloads.lnk -> C:\Users\xxx\Downloads ()
Shortcut: C:\Users\xxx\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\xxx\Desktop\2009Decoder - Verknüpfung.lnk -> C:\Program Files\OTRDecoder_2.0.0.21\2009Decoder.exe (© onlinetvrecorder.com)
Shortcut: C:\Users\xxx\Desktop\OLYMPUS Digital Kamera Updater.lnk -> C:\Program Files (x86)\OLYMPUS\CameraUpdateTool\CameraUpdate.exe (OLYMPUS IMAGING CORP.)
Shortcut: C:\Users\xxx\Desktop\OLYMPUS Viewer 2.lnk -> C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OLYMPUS Viewer 2.exe (OLYMPUS IMAGING CORP.)
Shortcut: C:\Users\xxx\Desktop\VG110,D700 Bedienungsanleitung.lnk -> C:\Users\Public\Documents\OLYMPUS\Camera Manual\VG110,D700\DEU.pdf ()
Shortcut: C:\Users\xxx\Desktop\VoipConnect.lnk -> C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe (VoipConnect)
Shortcut: C:\Users\xxx\Desktop\VoipGain.lnk -> C:\Program Files (x86)\VoipGain.com\VoipGain\voipgain.exe (VoipGain)
Shortcut: C:\Users\xxx\Desktop\Windows 10-Upgrade-Assistent.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\Desktop\Windows 7 USB DVD Download Tool.lnk -> C:\Users\xxx\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\xxx\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool\Windows 7 USB DVD Download Tool.lnk -> C:\Users\xxx\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin\Bitcoin.lnk -> C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe ()
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin\Uninstall Bitcoin.lnk -> C:\Program Files (x86)\Bitcoin\uninstall.exe (Bitcoin project)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 4.0.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.0\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay Turbo Lister 2.lnk -> C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe (eBay Inc.)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe ()
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.PurchaseDialog_cw5n1h2txyewy\Microsoft.Windows.PurchaseDialog.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.ContactSupport_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsStore_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsPhone_8wekyb3d8bbwe\CompanionApp.App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsMaps_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsFeedback_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsDVDPlayer_8wekyb3d8bbwe\Microsoft.WindowsDVDPlayer.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.calendar.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.mail.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCamera_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Photos_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaUI.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.People_8wekyb3d8bbwe\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.LockApp_cw5n1h2txyewy\WindowsDefaultLockScreen.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Getstarted_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BioEnrollment_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Appconnector_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AccountsControl_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.3DBuilder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\Links\Desktop.lnk -> C:\Users\xxx y xxx\Desktop ()
Shortcut: C:\Users\xxx y xxx\Links\Downloads.lnk -> C:\Users\xxx y xxx\Downloads ()
Shortcut: C:\Users\xxx y xxx\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\xxx y xxx\Desktop\2009Decoder - Verknüpfung.lnk -> C:\Program Files\OTRDecoder_2.0.0.21\2009Decoder.exe (© onlinetvrecorder.com)
Shortcut: C:\Users\xxx y xxx\Desktop\cut_assistant - Verknüpfung.lnk -> C:\Program Files\OTRDecoder_2.0.0.21\cut_assistant.exe ()
Shortcut: C:\Users\xxx y xxx\Desktop\Spotify.lnk -> C:\Users\xxx y xxx\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\xxx y xxx\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\LibreOffice 5.0.lnk -> C:\Program Files (x86)\LibreOffice 5\program\soffice.exe (The Document Foundation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\2009Decoder - Verknüpfung.lnk -> C:\Program Files\OTRDecoder_2.0.0.21\2009Decoder.exe (© onlinetvrecorder.com)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Biet-O-Matic.lnk -> C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\cut_assistant - Verknüpfung.lnk -> C:\Program Files\OTRDecoder_2.0.0.21\cut_assistant.exe ()
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VoipConnect.lnk -> C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe (VoipConnect)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VoipGain.lnk -> C:\Program Files (x86)\VoipGain.com\VoipGain\voipgain.exe (VoipGain)
Shortcut: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.PurchaseDialog_cw5n1h2txyewy\Microsoft.Windows.PurchaseDialog.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.ContactSupport_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsStore_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsPhone_8wekyb3d8bbwe\CompanionApp.App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsMaps_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsFeedback_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsDVDPlayer_8wekyb3d8bbwe\Microsoft.WindowsDVDPlayer.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.calendar.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.mail.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCamera_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Photos_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaUI.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.People_8wekyb3d8bbwe\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.LockApp_cw5n1h2txyewy\WindowsDefaultLockScreen.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Getstarted_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BioEnrollment_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Appconnector_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AccountsControl_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.3DBuilder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\king.com.CandyCrushSaga_kgqvnymyfvs32\App.lnk -> CandyCrushSodaSaga
Shortcut: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\Application Shortcuts\9E2F88E3.Twitter_wgeqdkkx372wm\x554f661dyd360y462cy8743yf8a99b7d41dbx.lnk -> Tile and icon assets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk -> C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe (Sirrix AG) -> start
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa Photo Viewer konfigurieren.lnk -> C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.) -> /reconfig
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow\Audiodekoder-Konfiguration.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> ffdshow.ax,configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow\VFW-Konfiguration.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> ff_vfw.dll,configureVFW
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow\Videodekoder-Konfiguration.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> ffdshow.ax,configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\My Printer\My Printer.lnk -> C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) -> /mn
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series Manual\Canon iP7200 series Online-Handbuch.lnk -> C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe (CANON INC.) -> "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON IP7200 SERIES\German\Info.egv"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box\Browser in the Box.lnk -> C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe (Sirrix AG) -> start
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Connect.lnk -> C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG) -> /showMiniGui
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology\ASM104x USB 3.0 Driver\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Activate Acronis Startup Recovery Manager.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe () -> /asz_recovery_manager
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Add New Disk.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe () -> /add_new_disk
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Clone Disk.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe () -> /clone_disk
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\DriveCleanser.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe () -> /drive_cleanser
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Manage Acronis Secure Zone.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe () -> /manage_asz
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\System Clean-up.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe () -> /system_cleanup
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Try&Decide.lnk -> C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe () -> /tnd_tool
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\Browser in the Box.lnk -> C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe (Sirrix AG) -> start
ShortcutWithArgument: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool\Uninstall Windows 7 USB DVD Download Tool.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {CCF298AF-9CE1-4B26-B251-486E98A34789}
ShortcutWithArgument: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\xxx\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Roaming\Microsoft\Windows\SendTo\Browser in the Box Upload.lnk -> C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxClient.exe (Sirrix AG) -> upload
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\xxx y xxx\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015\Hilfen\WISO Steuer-Sparbuch 2015 Online-Hilfe.url -> URL: hxxp://www.buhl.de/goto/?index=2937
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014\Hilfen\WISO Steuer-Sparbuch 2014 Online-Hilfe.url -> URL: hxxp://www.buhl.de/goto/?index=1921
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2017\Hilfen\WISO steuer Sparbuch 2017 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/2241
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2016\Hilfen\WISO steuer Sparbuch 2016 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/325
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0\StarMoney-Homepage.url -> URL: hxxp://www.starmoney.de
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 11\StarMoney-Homepage.url -> URL: hxxps://www.starmoney.de
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10\StarMoney-Homepage.url -> URL: hxxp://www.starmoney.de
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Keys\Recover Keys Help.url -> URL: hxxps://recover-keys.com/kb/?utm_source=MJB+software&utm_campaign=MJB+2.0.9.5+auto+installer&utm_medium=software
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Keys\Recover Keys on the Web.url -> URL: hxxps://recover-keys.com/?utm_source=MJB+software&utm_campaign=MJB+2.0.9.5+auto+installer&utm_medium=software
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Besuchen Sie Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Hilfe aufrufen.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow\Webseite.url -> URL: hxxp://ffdshow-tryout.sourceforge.net/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.piriform.com/ccleaner
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\Get Involved.url -> URL: hxxp://calibre-ebook.com/get-involved
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\User Manual.url -> URL: hxxp://manual.calibre-ebook.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Acronis-Website.url -> URL: hxxp://www.acronis.de
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Benutzeranleitung.url -> URL: hxxp://download.acronis.com/pdf/ATIH2014P_userguide_de-DE.pdf
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\User's guide.url -> URL: hxxp://download.acronis.com/pdf/ATI2016_userguide_en-US.pdf
InternetURL: C:\Users\xxx\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\xxx\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\xxx\Favorites\Windows Live\Windows Live Ideas.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\xxx\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\xxx\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\xxx\Favorites\MSN-Websites\MSN Auto.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\xxx\Favorites\MSN-Websites\MSN Fernsehen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\xxx\Favorites\MSN-Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\xxx\Favorites\MSN-Websites\MSN Nachrichten.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\xxx\Favorites\MSN-Websites\MSN Sport.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\xxx\Favorites\MSN-Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\xxx\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\xxx\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\xxx\Favorites\Microsoft-Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\xxx\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\xxx\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\xxx\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\xxx\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\xxx\Favorites\Links\Vorgeschlagene Sites (2).url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\xxx\Favorites\Links\Vorgeschlagene Sites.url ->
InternetURL: C:\Users\xxx y xxx\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\xxx y xxx\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\xxx y xxx\Favorites\Windows Live\Windows Live Ideas.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\xxx y xxx\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\xxx y xxx\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\xxx y xxx\Favorites\MSN-Websites\MSN Auto.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\xxx y xxx\Favorites\MSN-Websites\MSN Fernsehen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\xxx y xxx\Favorites\MSN-Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\xxx y xxx\Favorites\MSN-Websites\MSN Nachrichten.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\xxx y xxx\Favorites\MSN-Websites\MSN Sport.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\xxx y xxx\Favorites\MSN-Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\xxx y xxx\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\xxx y xxx\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\xxx y xxx\Favorites\Microsoft-Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\xxx y xxx\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\xxx y xxx\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\xxx y xxx\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\xxx y xxx\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\xxx y xxx\Favorites\Links\Vorgeschlagene Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\xxx y xxx\Favorites\Links\Web Slice-Katalog.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
==================== Ende vom Shortcut.txt =============================
r. |
|
24.06.2017, 21:12
| #8 |
| /// TB-Ausbilder | Windows 10: Malwarebyte findet Trojan.Agent.BHO Servus, leider hast du die falsche Logdatei von AdwCleaner gepostet. Ich wollte die Logdatei des Löschvorgangs sehen (welche sich nach dem Neustart automatisch öffnet). Du hast mir lediglich die Logdatei des Suchvorgangs gepostet... ich weiß also nicht, ob du auch alles entfernt hast. Bitte die richtige Logdatei von AdwCleaner posten, lies dir dazu meine Anleitung zu AdwCleaner nochmal durch. |
|
25.06.2017, 05:43
| #9 |
| | Windows 10: Malwarebyte findet Trojan.Agent.BHO Hallo, es hatt sich leider nach dem Neustart keine Datei automatisch geöffnet. Ich poste nun die Daten die ich im angebenen Pfad finden kann: Code:
ATTFilter # AdwCleaner v6.047 - Bericht erstellt am 24/06/2017 um 14:22:40
# Aktualisiert am 19/05/2017 von Malwarebytes
# Datenbank : 2017-06-23.1 [Lokal]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Benutzer
# Gestartet von : C:\Users\xxx\Desktop\adwcleaner_6.047.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Headlight
[-] Schlüssel gelöscht: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\AppDataLow\Software\Headlight
[-] Schlüssel gelöscht: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Conduit
[-] Schlüssel gelöscht: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Headlight
[-] Schlüssel gelöscht: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Headlight
[-] Daten wiederhergestellt: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Daten wiederhergestellt: HKU\S-1-5-21-1972467013-2157606943-3240702937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main [Search Page]
***** [ Browser ] *****
[-] Firefox Einstellungen bereinigt: "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_channels.expiration" - "Fri Feb 01 2030 00:00:00 GMT+0100"
[-] Firefox Einstellungen bereinigt: "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_channels.value" - "%7B%22app0%22%3A%22app0%22%2C%22app50611%22%3A%22app50611%22%2C%22DE%22%3A%22DE%22%7D"
[-] Firefox Einstellungen bereinigt: "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_geolocation.expiration" - "Fri Dec 18 2015 17:03:19 GMT+0100"
[-] Firefox Einstellungen bereinigt: "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_geolocation.value" - "%22DE%22"
[-] Firefox Einstellungen bereinigt: "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_metadata.expiration" - "Thu Dec 17 2015 18:49:09 GMT+0100"
[-] Firefox Einstellungen bereinigt: "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_metadata.value" - "%7B%22appId%22%3A50611%2C%22appName%22%3A%22CrowdFlower%22%2C%22lastMessageId%22%3A0%2C%22nextCheck%22%3A1440%7D"
[-] Firefox Einstellungen bereinigt: "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.internaldb.Resources_meta.value" - "%7B%22YT.png%22%3A%7B%22id%22%3A1334590%2C%22ver%22%3A59%2C%22status%22%3A1%2C%22name%22%3A%22YT.png%22%2C%22url%22%3A%22hxxp%3A//resources.crossrider.com/system/resources/apps/50611/1334590%22%7D%2C%22sha1-min.js%22%3A%7B%22id%22%3A1334591%2C%22ver%22%3A59%2C%22status%22%3A1%2C%22name%22%3A%22sha1-min.js%22%2C%22url%22%3A%22hxxp%3A//resources.crossrider.com/system/resources/apps/50611/1334591%22%7D%2C%22context.html%22%3A%7B%22id%22%3A1334592%2C%22ver%22%3A59%2C%22status%22%3A1%2C%22name%22%3A%22context.html%22%2C%22url%22%3A%22hxxp%3A//resources.crossrider.com/system/resources/apps/50611/1334592%22%7D%2C%22popup.css%22%3A%7B%22id%22%3A1334593%2C%22ver%22%3A59%2C%22status%22%3A1%2C%22name%22%3A%22popup.css%22%2C%22url%22%3A%22hxxp%3A//resources.crossrider.com/system/resources/apps/50611/1334593%22%7D%2C%22helpers.js%22%3A%7B%22id%22%3A1334594%2C%22ver%22%3A59%2C%22status%22%3A1%2C%22name%22%3A%22helpers.js%22%2C%22url%22%3A%22hxxp%3A//resources.crossrider.com/system/resources/apps/50611/1334594%22%7D%2C%22countdown.js%22%3A%7B%22id%22%3A1334595%2C%22ver%22%3A59%2C%22status%22%3A1%2C%22name%22%3A%22countdown.js%22%2C%22url%22%3A%22hxxp%3A//resources.crossrider.com/system/resources/apps/50611/1334595%22%7D%2C%22cf-logo.png%22%3A%7B%22id%22%3A1334596%2C%22ver%22%3A59%2C%22status%22%3A1%2C%22name%22%3A%22cf-logo.png%22%2C%22url%22%3A%22hxxp%3A//resources.crossrider.com/system/resources/apps/50611/1334596%22%7D%2C%22browser_button.png%22%3A%7B%22id%22%3A1334597%2C%22ver%22%3A59%2C%22status%22%3A1%2C%22name%22%3A%22browser_button.png%22%2C%22url%22%3A%22hxxp%3A//resources.crossrider.com/system/resources/apps/50611/1334597%22%7D%2C%22snippets.js%22%3A%7B%22id%22%3A1334598%2C%22ver%22%3A59%2C%22status%22%3A1%2C%22name%22%3A%22snippets.js%22%2C%22url%22%3A%22hxxp%3A//resources.crossrider.com/system/resources/apps/50611/1334598%22%7D%2C%22cheat.js%22%3A%7B%22id%22%3A1334599%2C%22ver%22%3A59%2C%22status%22%3A1%2C%22name%22%3A%22cheat.js%22%2C%22url%22%3A%22hxxp%3A//resources.crossrider.com/system/resources/apps/50611/1334599%22%7D%2C%22verifiers.js%22%3A%7B%22id%22%3A1334600%2C%22ver%22%3A59%2C%22status%22%3A1%2C%22name%22%3A%22verifiers.js%22%2C%22url%22%3A%22hxxp%3A//resources.crossrider.com/system/resources/apps/50611/1334600%22%7D%7D"
[-] Firefox Einstellungen bereinigt: "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.internaldb.Resources_resource_1334592.value" - "%22%3C%21DOCTYPE%20html%3E%5Cr%5Cn%3Chtml%3E%5Cr%5Cn%3Chead%3E%5Cr%5Cn%3C%21--%20This%20meta%20tag%20is%20relevant%20only%20for%20IE%20--%3E%5Cr%5Cn%3Cmeta%20hxxp-equiv%3D%5C%22X-UA-Compatible%5C%22%20content%3D%5C%22IE%3Dedge%5C%22%3E%5Cr%5Cn%5Cr%5Cn%3Cscript%20type%3D%5C%22text/javascript%5C%22%3E%5Cr%5Cn/************************************************************************************%5Cr%5Cn%20%20This%20is%20your%20Popup%20Code.%20The%20crossriderMain%28%29%20code%20block%20will%20be%20run%5Cr%5Cn%20%20every%20time%20the%20popup%20is%20opened.%5Cr%5Cn%20%20%5Cr%5Cn%20%20For%20more%20information%2C%20see%3A%5Cr%5Cn%20%20hxxp%3A//docs.crossrider.com/%23%21/api/appAPI.browserAction-method-setPopup%5Cr%5Cn*************************************************************************************/%5Cr%5Cn%5Cr%5Cnfunction%20crossriderMain%28%24%29%20%7B%5Cr%5Cn%5CtappAPI.resources.includeCSS%28%27popup.css%27%29%3B%5Cr%5Cn%5CtappAPI.resources.includeJS%28%27countdown.js%27%29%3B%5Cr%5Cn%5CtappAPI.resources.includeJS%28%27helpers.js%27%29%3B%5Cr%5Cn%5Ct%5Cr%5Cn%5Ct//%20Place%20your%20code%20here%20%28you%20can%20also%20define%20new%20functions%20above%20this%20scope%29%5Cr%5Cn%5Ct//%20The%20%24%20object%20is%20the%20jQuery%20object%5Cr%5Cn%5Ctfunction%20attach%28actions%29%20%7B%5Cr%5Cn%5Ct%5Ct%24%28arguments%29.each%28function%28i%2Caction%29%7B%5Cr%5Cn%5Ct%5Ct%5Ct%24%28%27%23%27+action%29.click%28function%28%29%20%7B%5Cr%5Cn%5Ct%5Ct%5Ct%5CtappAPI.message.toActiveTab%28%7B%5Cr%5Cn%20%20%20%20%20%20%20%20%5Ct%5Ct%5Ctaction%3Aaction%5Cr%5Cn%20%20%20%20%5Ct%5Ct%5Ct%7D%29%3B%5Cr%5Cn%5Ct%5Ct%5Ct%7D%29%3B%5Cr%5Cn%5Ct%5Ct%7D%29%5Cr%5Cn%5Ct%7D%5Cr%5Cn%5Ctattach%28%5C%22status%5C%22%2C%20%5C%22about%5C%22%2C%20%5C%22bug%5C%22%29%5Cr%5Cn%5Ct%5Cr%5Cn%5CtappAPI.message.addListener%28function%28msg%29%20%7B%5Cr%5Cn%5Ct%5Ctif%28msg.action%20%3D%3D%20%5C%22payload%5C%22%29%20%7B%5Cr%5Cn%5Ct%5Ct%5Ctif%28msg.expiration%29%20%7B%5Cr%5Cn%5Ct%5Ct%5Ct%5Ct%24%28%27.timer%20h2%27%29.text%28%5C%22Time%20Remaining%5C%22%29%5Cr%5Cn%5Ct%5Ct%5Ct%5Ct%24%28%27%23countdown%27%29.countdown%28msg.expiration%29.on%28%27update.countdown%27%2C%20function%28event%29%20%7B%5Cr%5Cn%5Ct%5Ct%5Ct%5Ct%5Ctvar%20format%20%3D%20%27%25H%3A%25M%3A%25S%27%3B%5Cr%5Cn%5Ct%5Ct%5Ct%5Ct%5Ct%24%28this%29.html%28event.strftime%28format%29%29%3B%5Cr%5Cn%5Ct%5Ct%5Ct%5Ct%7D%29%3B%5Cr%5Cn%5Ct%5Ct%5Ct%7D%5Cr%5Cn%5Ct%5Ct%7D%5Ct%5Cr%5Cn%5Ct%7D%29%3B%5Cr%5Cn%5CtappAPI.message.toActiveTab%28%7Baction%3A%20%27popup_payload%27%7D%29%3B%5Cr%5Cn%5Ct%5Cr%5Cn%7D%5Cr%5Cn%3C/script%3E%5Cr%5Cn%5Cr%5Cn%3C/head%3E%5Cr%5Cn%3Cbody%3E%5Cr%5Cn%5Cr%5Cn%3Cul%3E%5Cr%5Cn%5Ct%3Cli%3E%3Ca%20href%3D%5C%22%23%5C%22%20id%3D%5C%22status%5C%22%3ECheck%20current%20task%20status%3C/a%3E%3C/li%3E%5Cr%5Cn%5Ct%3Cli%3E%3Ca%20href%3D%5C%22%23%5C%22%20id%3D%5C%22bug%5C%22%3EReport%20a%20problem%3C/a%3E%3C/li%3E%5Cr%5Cn%5Ct%3Cli%3E%3Ca%20href%3D%5C%22%23%5C%22%20id%3D%5C%22about%5C%22%3EAbout%20CrowdFlower%20Extension%3C/a%3E%3C/li%3E%5Cr%5Cn%3C/ul%3E%5Cr%5Cn%3Cdiv%20class%3D%5C%22timer%5C%22%3E%5Cr%5Cn%5Ct%3Ch2%3EThis%20tab%20wasn%27t%20initiated%20from%20CrowdFlower%3C/h2%3E%5Cr%5Cn%5Ct%3Cdiv%20id%3D%5C%22countdown%5C%22%3E%3C/div%3E%5Cr%5Cn%3C/div%3E%5Cr%5Cn%5Cr%5Cn%3C/body%3E%5Cr%5Cn%3C/html%3E%22"
[-] Firefox Einstellungen bereinigt:
[-] Firefox Einstellungen bereinigt: "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.internaldb.Resources_resource_1334598.value" - "%22//%20The%20Impression%20plugin%20doesn%27t%20show%20the%20referrer%2C%20and%20offers%20no%20way%20to%20store%20extra%20info%2C%20so%20we%27re%20replacing%20it...%5Cn//%5Ct%5CtappAPI.pageImpression.searchByRange%28%7B%5Cn//%20%20%20%20%5Ct%5Ctstart%3A%20start%2C%5Cn//%20%20%20%20%5Ct%5Ctend%3A%20appAPI.time.now%28%29%2C%5Cn//%20%20%20%20%5Ct%5CtmaxResults%3A%20100%2C%5Cn//%20%20%20%20%5Ct%5Ctcallback%3A%20function%28history%29%20%7B%5Cn//%20%20%20%20%5Ct%5Ct%5Ctvar%20payload%20%3D%20_YT.updateEvents%28%24%28history%29.map%28function%28i%2Ce%29%7B%5Cn//%20%20%20%20%5Ct%5Ct%5Ct%5Ct_YT.print%28appAPI.JSON.stringify%28e%29%29%3B%5Cn//%20%20%20%20%5Ct%5Ct%5Ct%5Ctreturn%20%7Bvalue%3A%20e.url%2C%20type%3A%20%5C%22url%5C%22%2C%20time%3A%20e.timeVisited%7D%3B%5Cn//%20%20%20%20%5Ct%5Ct%5Ct%7D%29%2C%20this%2C%20true%29%3B%5Cn//%5Cn//%20%20%20%20%5Ct%5Ct%5Ctpayload.verified%20%3D%20false%3B%5Cn//%5Ct%5Ct%5Ct%5Ctpayload.errors%20%3D%20%5B%5D%3B%5Cn//%20%20%20%20%5Ct%5Ct%5Ctpayload%20%3D%20_YT.chooseVerifier%28payload%29%28payload%29%3B%5Cn//%20%20%20%20%5Ct%5Ct%5Ctpayload.verified%20%3D%20payload.errors.length%20%3D%3D%3D%200%3B%5Cn//%5Ct%5Ct%5Cn//%5Ct%5Ct%5Ct%5Ctpayload.browser_id%20%3D%20appAPI.appInfo.userId%3B%5Cn//%5Ct%5Ct%5Ct%5Ctcallback%28payload%2C%20_YT.signature%28payload%29%29%3B%5Cn//%20%20%20%20%5Ct%5Ct%7D.bind%28payload%29%5Cn//%5Ct%5Ct%7D%29%3B%5Cn%5Ct%5Ct%5Cn//%20The%20crossrider%20search%20plugin%20has%20a%20critical%20bug%2C%20and%20needs%20to%20be%20replaced%5Cn//%20%20%20%20var%20searchHook%20%3D%20appAPI.hooks.register%28%27searchEngine%27%29%3B%5Cn//%5CtsearchHook.addListener%28%27search%27%2C%20function%20%28search%29%20%7B%5Cn//%5Ct%5Ctvar%20searchData%20%3D%20%7B%5Ctvalue%3A%20search.term%5Cn//%5Ct%5Ct%5Ct%5Ct%5Ct%2C%20type%3A%27search%27%5Cn//%5Ct%5Ct%5Ct%5Ct%5Ct%2C%20meta%3A%20appAPI.utils.getHost%28appAPI.dom.location.href%29.replace%28/www%5C%5C./%2C%5C%22%5C%22%29%5Cn//%5Ct%5Ct%7D%3B%5Cn//%5Ct%5Ct_YT.updateEvents%28%5BsearchData%5D%29%3B%5Cn//%5Ct%7D%29%3B%22"
[-] Firefox Einstellungen bereinigt: "extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.thankyou" - "hxxp://crossrider.com/thank_you/50611"
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Image File Execution Options" Schlüssel gelöscht
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Firewall Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [11720 Bytes] - [24/06/2017 14:22:40]
C:\AdwCleaner\AdwCleaner[R0].txt - [2392 Bytes] - [30/05/2014 13:27:40]
C:\AdwCleaner\AdwCleaner[R1].txt - [1160 Bytes] - [30/05/2014 13:33:26]
C:\AdwCleaner\AdwCleaner[R2].txt - [1281 Bytes] - [30/05/2014 19:31:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [2351 Bytes] - [30/05/2014 13:28:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [1222 Bytes] - [30/05/2014 13:34:30]
C:\AdwCleaner\AdwCleaner[S2].txt - [1342 Bytes] - [30/05/2014 19:32:37]
C:\AdwCleaner\AdwCleaner[S3].txt - [5902 Bytes] - [24/06/2017 14:18:58]
C:\AdwCleaner\AdwCleaner[S4].txt - [5233 Bytes] - [24/06/2017 14:22:13]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12378 Bytes] ##########
r. |
|
25.06.2017, 12:18
| #10 |
| /// TB-Ausbilder | Windows 10: Malwarebyte findet Trojan.Agent.BHO Servus, wir entfernen noch ein bisschen was und kontrollieren nochmal alles. Hinweis: Der Suchlauf mit ESET kann länger dauern. Schritt 1
Schritt 2 Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Schritt 3 ESET Online Scanner
Schritt 4
Gibt es jetzt noch Probleme mit dem PC oder mit deinen Internet Browsern? Wenn ja, welche?Bitte poste mit deiner nächsten Antwort
|
|
25.06.2017, 14:10
| #11 |
| | Windows 10: Malwarebyte findet Trojan.Agent.BHO Hallo, FRST: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 24-06-2017 01
durchgeführt von Vivian y Uwe (25-06-2017 14:08:12) Run:1
Gestartet von C:\Users\xxx\Desktop\Trojaner
Geladene Profile: xxx & (Verfügbare Profile: xxx & DefaultAppPool)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
CloseProcesses:
Task: {21BD8E56-FF1C-4D43-B03C-999866E98523} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {22AE36B0-CAC9-4163-8AC1-7A539B7760B8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {4232FBBB-6E8F-4D1D-8E6C-BA8C7214D8B9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {5D1EED4B-B134-445C-8275-D0577B4435BB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {7338E112-1213-4FE9-8407-9DD7D1CDEB86} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {82323F0B-CDCF-4721-8B84-0140346D7F60} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {84BD501C-F7AB-4148-940A-BD2A14A6055F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {A6DC991D-BFFC-475E-9D7C-9853096CE5AE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {AACBC7B2-044C-4658-AC2B-7FB2EE867651} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {AD0A6245-467C-42BA-833F-597FF2C139FE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {C07510B7-8FD2-437C-A31A-62D5FD02C503} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
*****************
Prozesse erfolgreich geschlossen.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21BD8E56-FF1C-4D43-B03C-999866E98523} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22AE36B0-CAC9-4163-8AC1-7A539B7760B8} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4232FBBB-6E8F-4D1D-8E6C-BA8C7214D8B9} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D1EED4B-B134-445C-8275-D0577B4435BB} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7338E112-1213-4FE9-8407-9DD7D1CDEB86} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82323F0B-CDCF-4721-8B84-0140346D7F60} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84BD501C-F7AB-4148-940A-BD2A14A6055F} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6DC991D-BFFC-475E-9D7C-9853096CE5AE} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AACBC7B2-044C-4658-AC2B-7FB2EE867651} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert.
Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 25-06-2017 14:35:55)
==> ACHTUNG: ACHTUNG: Das System wurde nicht neu gestartet.
Ergebnis der geplanten Schlüssel-Entfernung nach dem Neustart:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21BD8E56-FF1C-4D43-B03C-999866E98523} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22AE36B0-CAC9-4163-8AC1-7A539B7760B8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4232FBBB-6E8F-4D1D-8E6C-BA8C7214D8B9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D1EED4B-B134-445C-8275-D0577B4435BB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7338E112-1213-4FE9-8407-9DD7D1CDEB86} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82323F0B-CDCF-4721-8B84-0140346D7F60} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84BD501C-F7AB-4148-940A-BD2A14A6055F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6DC991D-BFFC-475E-9D7C-9853096CE5AE} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AACBC7B2-044C-4658-AC2B-7FB2EE867651} => Schlüssel erfolgreich entfernt
==== Ende vom Fixlog 14:35:56 ====
Code:
ATTFilter
|
|
25.06.2017, 19:39
| #12 |
| /// TB-Ausbilder | Windows 10: Malwarebyte findet Trojan.Agent.BHO Servus, gut gemacht. Fehlen noch die anderen Schritte. |
|
25.06.2017, 19:53
| #13 |
| | Windows 10: Malwarebyte findet Trojan.Agent.BHO Hallo Danke für den Ansprorn, Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6a362446632b14449fb476c7c4d84288
# end=init
# utc_time=2017-06-25 01:11:23
# local_time=2017-06-25 03:11:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 33839
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6a362446632b14449fb476c7c4d84288
# end=updated
# utc_time=2017-06-25 01:14:21
# local_time=2017-06-25 03:14:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=6a362446632b14449fb476c7c4d84288
# engine=33839
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-06-25 04:55:50
# local_time=2017-06-25 06:55:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 97 91201 50469376 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3964648 29740364 0 0
# scanned=336018
# found=6
# cleaned=0
# scan_time=13287
sh=D2F2CDEAF546FE9D13A7FBA1D3BD4B6D1B481B90 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Youmi.F eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Vivian y Uwe\AppData\Roaming\MyPhoneExplorer\unknown SP-80 [355685020348628]\Cache\phone\mnt\asec\com.aob.android.mnm-1\pkg.apk"
sh=5724FB5E5CAC759EAAC562BDBE1C6D2779FAA2D9 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit eventuell unerwünschte Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-3895887447-627513547-1979770823-1004\$RE866OR\Backup Set 2012-03-24 173746\Backup Files 2012-03-24 173746\Backup files 1.zip"
sh=138BA8E7F1B06B46F194DA15802F1254A2DCB15D ft=0 fh=0000000000000000 vn="Win32/Spy.Banker.XOS Trojaner" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-3895887447-627513547-1979770823-1004\$RE866OR\Backup Set 2012-03-24 173746\Backup Files 2012-03-24 173746\Backup files 26.zip"
sh=D86DEFD2E249A56F645C5A83CAAAFDD7938CA19E ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Youmi.F eventuell unerwünschte Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-3895887447-627513547-1979770823-1004\$RE866OR\Backup Set 2012-03-24 173746\Backup Files 2012-03-24 173746\Backup files 27.zip"
sh=BE40B6CD09125224866DD1BC6ADBADAD581BC7D7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit eventuell unerwünschte Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-3895887447-627513547-1979770823-1004\$RE866OR\Backup Set 2012-03-24 173746\Backup Files 2012-03-24 173746\Backup files 3.zip"
sh=E515A14262F3214F896C4DC54DC58E8479CB1FA6 ft=1 fh=9d9167aa10eeba62 vn="Win32/Toolbar.AskSBar eventuell unerwünschte Anwendung" ac=I fn="D:\Programme\Nero-6.6.1.15a.exe"
|
|
25.06.2017, 20:00
| #14 |
| /// TB-Ausbilder | Windows 10: Malwarebyte findet Trojan.Agent.BHO Fehlt nur noch FRST und die Beantwortung der gestellten Fragen. |
|
25.06.2017, 20:35
| #15 |
| | Windows 10: Malwarebyte findet Trojan.Agent.BHO Hallo, FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
durchgeführt von Terra_Nova (Administrator) auf TERRA_NOVA-PC (25-06-2017 21:25:28)
Gestartet von C:\Users\xxx y xxx\Desktop\Trojaner
Geladene Profile: Terra_Nova & xxx y xxx (Verfügbare Profile: Terra_Nova & xxx y xxx & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 11\ouservice\StarMoneyOnlineUpdate.exe
(STRATO) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-06-29] (NVIDIA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [567088 2016-10-14] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [NWEReboot] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [918008 2017-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [421768 2016-04-25] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7382232 2016-10-14] ()
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\Run: [VoipGain] => C:\Program Files (x86)\VoipGain.com\VoipGain\voipgain.exe [23054936 2014-12-13] (VoipGain)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [36547168 2016-04-10] (VoipConnect)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\RunOnce: [Uninstall C:\Users\Terra_Nova\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Terra_Nova\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].txt [12458 2017-06-24] ()
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\Run: [OV2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe [231784 2013-01-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\RunOnce: [Uninstall C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\RunOnce: [Uninstall C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxx y xxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {1d46483e-4cf7-11e7-8dfb-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {2574d6c8-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {2574d762-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {2574d79c-2350-11e7-8dea-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {4ee8ad62-31ce-11e7-8def-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {5fb1e021-71b2-11e6-8dbe-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {a1772a20-e3e2-11e6-8dde-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {b095eec6-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {b095ef46-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {b095ef58-7028-11e6-8dbd-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {dedb0a57-e5f6-11e6-8ddf-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {e04e85cf-0ae9-11e7-8de8-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {e84323e1-3bf2-11e7-8df7-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\MountPoints2: {e8432568-3bf2-11e7-8df7-8c89a51b1638} - "F:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e7690fc1-1796-4cb4-b365-595a25d2511c}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\Terra_Nova\AppData\Roaming\Mozilla\Firefox\Profiles\ypuqh6j4.default-1484483457845 [2017-06-05]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-17] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-03-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1244408 2016-10-14] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-11-20] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128432 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1524216 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [374352 2017-05-22] (Avira Operations GmbH & Co. KG)
R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2016-06-20] (Sirrix AG) [Datei ist nicht signiert]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-11-25] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 11 OnlineUpdate; C:\Program Files (x86)\StarMoney 11\ouservice\StarMoneyOnlineUpdate.exe [701040 2017-02-21] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 STRATO HiDrive Service; C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) [Datei ist nicht signiert]
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-04-16] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [167504 2017-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [164824 2017-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [366432 2016-11-20] (Acronis International GmbH)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-24] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-25] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-25] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-25] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1267552 2016-11-20] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [193376 2016-11-20] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [601432 2016-11-20] (Acronis International GmbH)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [182480 2016-04-29] (Oracle Corporation)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [279392 2016-09-22] (Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-06-25 17:44 - 2017-06-25 17:45 - 11584088 _____ (SurfRight B.V.) C:\Users\xxx y xxx\Downloads\HitmanPro_x64.exe
2017-06-25 15:07 - 2017-06-25 15:07 - 02870984 _____ (ESET) C:\Users\xxx y xxx\Desktop\esetsmartinstaller_deu.exe
2017-06-25 14:49 - 2017-06-25 15:06 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-25 14:49 - 2017-06-25 14:49 - 11584088 _____ (SurfRight B.V.) C:\Users\xxx y xxx\Desktop\HitmanPro_x64.exe
2017-06-25 12:03 - 2017-06-25 12:03 - 00830387 _____ C:\Users\xxx y xxx\Downloads\ueberweisungstraeger.pdf
2017-06-24 15:39 - 2017-06-25 21:09 - 00000000 ____D C:\Users\xxx y xxx\Desktop\Trojaner
2017-06-24 14:46 - 2017-06-25 21:02 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-24 14:46 - 2017-06-25 21:02 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-24 14:46 - 2017-06-25 21:02 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-24 14:46 - 2017-06-25 21:02 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-24 14:46 - 2017-06-24 14:46 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-24 14:46 - 2017-06-24 14:46 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-24 14:46 - 2017-06-24 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-24 14:46 - 2017-06-24 14:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-24 14:46 - 2017-06-24 14:46 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-24 14:46 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-24 13:17 - 2017-06-24 13:50 - 00078142 _____ C:\TDSSKiller.3.1.0.15_24.06.2017_13.17.54_log.txt
2017-06-24 13:07 - 2017-06-24 13:17 - 00078288 _____ C:\TDSSKiller.3.1.0.15_24.06.2017_13.07.55_log.txt
2017-06-24 13:06 - 2017-06-24 13:06 - 04922400 _____ (AO Kaspersky Lab) C:\Users\xxx y xxx\Downloads\tdsskiller.exe
2017-06-24 13:00 - 2017-06-25 21:25 - 00000000 ____D C:\FRST
2017-06-23 13:15 - 2017-06-23 13:15 - 01008793 _____ C:\Users\xxx y xxx\Downloads\
2017-06-17 09:54 - 2017-06-17 09:54 - 01886221 _____ C:\Users\xxx y xxx\Downloads\
2017-06-17 09:52 - 2017-06-17 09:52 - 01886221 _____ C:\Users\xxx y xxx\Downloads\
2017-06-17 09:14 - 2017-06-17 09:14 - 00130539 _____ C:\Users\xxx y xxx\Downloads\
2017-06-17 09:11 - 2017-06-17 09:11 - 00308118 _____ C:\Users\xxx y xxx\Downloads\
2017-06-16 07:04 - 2017-06-16 07:03 - 00060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2017-06-15 15:03 - 2017-06-15 15:03 - 00517064 _____ C:\Users\xxx y xxx\Downloads\anschriftenaenderung.pdf
2017-06-15 13:53 - 2017-06-15 13:53 - 00047023 _____ C:\Users\xxx y xxx\Downloads\medipreis-produktsteckbrief-selergo-1-creme-20-g-almirall-hermal-gmbh-06714060.pdf
2017-06-15 01:10 - 2017-06-15 01:10 - 00000000 ____D C:\WINDOWS\Panther
2017-06-14 20:47 - 2017-06-14 20:47 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 20:31 - 2017-06-14 20:32 - 1281774100 _____ C:\Users\xxx y xxx\Downloads\Tatort_17.06.11_20-15_ard_90_TVOON_DE.mpg.HD.avi
2017-06-14 19:26 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 19:25 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 19:25 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 19:25 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 19:25 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 19:25 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 19:25 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 19:25 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 19:25 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 19:25 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 19:25 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 19:25 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 19:25 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 19:25 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 19:25 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 19:25 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 19:25 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 19:25 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 19:25 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 19:25 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 19:25 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 19:25 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 19:25 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 19:25 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 19:25 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 19:25 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 19:25 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 19:25 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 19:25 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 19:25 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 19:25 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 19:25 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 19:25 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 19:24 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 19:24 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 19:24 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 19:24 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 19:24 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 19:24 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 19:24 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 19:24 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 19:24 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 19:24 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 19:24 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 19:24 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 19:24 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 19:24 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 19:24 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 19:15 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 19:15 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 19:15 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 19:15 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 19:14 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 19:14 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 19:14 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 19:14 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 19:14 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 19:14 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 19:14 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 19:14 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 19:14 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 19:14 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 19:14 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 19:14 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 19:14 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 19:14 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 19:14 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 19:14 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 19:14 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 19:14 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 19:14 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 19:14 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 19:14 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 19:14 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 19:14 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 19:14 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 19:14 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 19:14 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 19:14 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 19:13 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 19:13 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 19:13 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 19:13 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 19:13 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 19:13 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 19:13 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 19:13 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 19:13 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 19:13 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 19:13 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 19:13 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 19:13 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 19:13 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 19:13 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 19:13 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 19:13 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 19:13 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 19:13 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 19:13 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 19:13 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 19:13 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 19:13 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 19:13 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 19:13 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 19:12 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 19:12 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 19:12 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 19:12 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 19:12 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 19:12 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 19:12 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 19:12 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 19:12 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 19:12 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 19:12 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 19:12 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 19:12 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 19:12 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 19:12 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 19:12 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 19:12 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 19:12 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 19:12 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 19:11 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 19:11 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 19:11 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 19:11 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 19:11 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 19:11 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 19:11 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 19:11 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 19:11 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 19:11 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 19:11 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 19:11 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 19:11 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 19:11 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 19:05 - 2017-06-14 19:06 - 1167375480 _____ C:\Users\xxx y xxx\Downloads\
2017-06-11 16:07 - 2017-06-11 16:08 - 00095582 _____ C:\Users\xxx y xxx\Downloads\Briefmarken.2Stk.11.06.2017_1607.pdf
2017-06-11 13:49 - 2017-06-11 13:49 - 00165740 _____ C:\Users\xxx y xxx\Downloads\FILELOAD
2017-06-10 12:49 - 2017-06-10 12:49 - 00001064 _____ C:\Users\Public\Desktop\HiSuite.lnk
2017-06-10 12:49 - 2017-06-10 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2017-06-10 12:48 - 2017-06-10 12:49 - 00000000 ____D C:\Program Files (x86)\HiSuite
2017-06-10 12:48 - 2017-04-11 04:17 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2017-06-10 12:48 - 2017-04-11 04:17 - 00226560 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2017-06-10 12:48 - 2017-04-11 04:17 - 00127360 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_cdcacm.sys
2017-06-10 12:48 - 2017-04-11 04:17 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2017-06-09 17:25 - 2017-06-09 17:26 - 00766472 _____ C:\Users\xxx y xxx\Downloads\
2017-05-31 18:01 - 2017-05-31 18:01 - 00000000 ____D C:\Users\xxx y xxx\Desktop\IMG_20170521_194740
2017-05-31 18:00 - 2017-05-31 18:00 - 00000000 ____D C:\Users\xxx y xxx\AppData\Roaming\WinRAR
2017-05-31 18:00 - 2017-05-31 18:00 - 00000000 ____D C:\Users\Terra_Nova\AppData\Roaming\WinRAR
2017-05-31 17:59 - 2017-05-31 18:17 - 00000000 ____D C:\Program Files\WinRAR
2017-05-27 15:24 - 2017-05-27 15:24 - 01509200 _____ C:\Users\xxx y xxx\Downloads\
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-06-25 21:13 - 2016-08-06 14:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-25 21:02 - 2016-11-18 20:01 - 00000000 ____D C:\Users\xxx y xxx\AppData\LocalLow\Mozilla
2017-06-25 21:00 - 2016-08-31 18:35 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-25 21:00 - 2016-08-06 14:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-25 20:59 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-06-24 14:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-24 14:22 - 2014-05-30 13:27 - 00000000 ____D C:\AdwCleaner
2017-06-24 10:03 - 2015-09-27 18:33 - 00000000 ____D C:\Users\Terra_Nova\AppData\Local\Packages
2017-06-24 10:02 - 2016-08-06 14:08 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-24 10:02 - 2016-02-13 19:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-24 09:33 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-06-24 09:30 - 2012-11-18 10:16 - 00000000 ____D C:\Program Files (x86)\GetRight
2017-06-24 07:06 - 2017-01-27 21:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-24 07:06 - 2012-11-24 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-23 13:13 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-23 01:19 - 2017-03-18 14:09 - 00000000 ____D C:\Program Files (x86)\StarMoney 11
2017-06-22 17:54 - 2015-05-12 17:44 - 00000000 ____D C:\Program Files (x86)\StarMoney 10
2017-06-18 18:54 - 2016-08-06 14:15 - 02400870 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-18 18:54 - 2016-07-17 00:51 - 00954776 _____ C:\WINDOWS\system32\perfh007.dat
2017-06-18 18:54 - 2016-07-17 00:51 - 00230828 _____ C:\WINDOWS\system32\perfc007.dat
2017-06-18 13:35 - 2016-08-06 14:53 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-06-18 13:33 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-17 10:39 - 2014-07-04 22:51 - 00000000 ____D C:\Users\xxx y xxx\AppData\Roaming\vlc
2017-06-16 07:06 - 2012-10-16 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-16 07:03 - 2016-10-10 18:33 - 00038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-06-16 07:03 - 2013-03-28 20:12 - 00167504 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-06-16 07:03 - 2013-03-28 20:12 - 00164824 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-06-15 15:24 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 01:11 - 2016-08-06 14:16 - 00000000 ____D C:\Users\xxx y xxx
2017-06-15 01:09 - 2016-08-06 14:05 - 00260872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 01:09 - 2012-05-10 17:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 01:09 - 2012-05-10 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 20:47 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 20:47 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 20:47 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 20:04 - 2013-10-11 16:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 19:56 - 2012-05-10 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 19:56 - 2012-04-03 18:28 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 19:55 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-10 20:25 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-10 12:49 - 2016-09-03 10:06 - 00000000 ____D C:\Users\Terra_Nova\AppData\Local\Hisuite
2017-06-05 11:51 - 2017-01-15 14:30 - 00000000 ____D C:\Users\Terra_Nova\AppData\LocalLow\Mozilla
2017-06-05 11:51 - 2016-08-06 14:16 - 00000000 ____D C:\Users\DefaultAppPool
2017-06-05 11:51 - 2012-04-06 13:50 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-05 11:39 - 2015-11-14 13:54 - 00000000 ____D C:\Users\xxx y xxx\Downloads\Bücher
2017-06-05 11:31 - 2016-10-09 13:44 - 00000000 ___RD C:\Users\xxx y xxx\Downloads\Kurzfilme
2017-06-04 13:37 - 2017-01-01 14:19 - 00000000 ____D C:\Users\xxx y xxx\Documents\korAccount
2017-06-04 13:37 - 2016-04-29 16:53 - 00000000 ____D C:\Users\Terra_Nova\AppData\Local\ElevatedDiagnostics
2017-06-04 13:37 - 2012-04-01 14:57 - 00000000 ____D C:\Users\xxx y xxx\AppData\Roaming\korAccount
2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-02 21:42 - 2014-08-01 22:52 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-06-02 21:40 - 2016-08-06 14:16 - 00000000 ____D C:\Users\Terra_Nova
2017-05-31 18:08 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\registration
Einige Dateien in TEMP:
====================
2017-06-25 08:17 - 2013-08-16 14:56 - 0026688 _____ (Foxit Corporation) C:\Users\xxx y xxx\AppData\Local\Temp\Checkupdate.exe
2017-06-25 08:17 - 2013-10-22 15:42 - 9577536 _____ (Foxit Corporation) C:\Users\xxx y xxx\AppData\Local\Temp\Foxit Reader Updater.exe
2017-06-25 08:17 - 2013-08-16 14:56 - 0216064 _____ () C:\Users\xxx y xxx\AppData\Local\Temp\gcapi_dll.dll
2017-06-25 08:17 - 2013-08-16 14:56 - 0073408 _____ () C:\Users\xxx y xxx\AppData\Local\Temp\gtapi_signed.dll
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-06-16 16:38
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
durchgeführt von (25-06-2017 21:26:13)
Gestartet von C:\Users\xxx y xx\Desktop\Trojaner
Windows 10 Home Version 1607 (X64) (2016-08-06 13:34:27)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1972467013-2157606943-3240702937-500 - Administrator - Disabled)
BitBox (S-1-5-21-1972467013-2157606943-3240702937-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-1972467013-2157606943-3240702937-503 - Limited - Disabled)
Gast (S-1-5-21-1972467013-2157606943-3240702937-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1972467013-2157606943-3240702937-1002 - Limited - Enabled)
xxx (S-1-5-21-1972467013-2157606943-3240702937-1000 - Administrator - Enabled) => C:\Users\xxx
xxx y xx (S-1-5-21-1972467013-2157606943-3240702937-1003 - Limited - Enabled) => C:\Users\xxx y xx
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image (HKLM-x32\...\{E5F28743-0DB5-42C1-8B70-5986D88C0BE0}Visible) (Version: 19.0.6581 - Acronis)
Acronis True Image (x32 Version: 19.0.6581 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.27.34 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{b9b31169-be62-4b82-9e65-d47c99299ba1}) (Version: 1.2.88.24864 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.88.24864 - Avira Operations GmbH & Co. KG) Hidden
Biet-O-Matic v2.14.8 (HKLM-x32\...\Biet-O-Matic v2.14.8) (Version: 2.14.8 - BOM Development Team)
Bitcoin (HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\Bitcoin) (Version: 0.8.6 - Bitcoin project)
Browser in the Box (HKLM-x32\...\BitBox) (Version: 4.3.2-r211 - Sirrix AG)
calibre 64bit (HKLM\...\{CDAEDA67-2C58-43F6-832A-D9C4D84347BA}) (Version: 2.53.0 - Kovid Goyal)
Canon iP7200 series Benutzerregistrierung (HKLM-x32\...\Canon iP7200 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.27.1025 - Foxit Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows (HKLM-x32\...\{E40CE517-0D42-4198-96B4-C8232B257EB5}) (Version: 1.13 - Western Digital Corporation)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
ffdshow [rev 3154] [2009-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
GetRight 5.2d (HKLM-x32\...\GetRight_is1) (Version: - Headlight Software, Inc.)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
korAccount (HKLM-x32\...\{ABBF9252-A2F0-4770-8557-FFC357EA0F37}) (Version: 4.0.6.0 - Kornelius)
LibreOffice 5.0.5.2 (HKLM-x32\...\{43D862C3-739D-4FF6-91C0-25612368CC81}) (Version: 5.0.5.2 - The Document Foundation)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 54.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 de)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NVIDIA 3D Vision Treiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Grafiktreiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{AEE39224-92BE-4389-9493-E57FF73BB96A}) (Version: 1.3.1 - OLYMPUS IMAGING CORP.)
Oracle VM VirtualBox 5.0.20_Sirrix (HKLM\...\{D5D3DA57-5784-4703-845B-7AC08D13C4DE}) (Version: 5.0.20 - Sirrix AG)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 9.0.3.168 - Recover Keys)
Spotify (HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
StarMoney (x32 Version: 3.0.3.19 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney (x32 Version: 6.0.0.313 - StarFinanz) Hidden
StarMoney 10 (HKLM-x32\...\{4A1988CE-0DEA-412B-8624-31A260263254}) (Version: 10 - Star Finanz GmbH)
StarMoney 11 (HKLM-x32\...\{A0F298D4-9F6A-444D-A434-7C9F6DFF34FF}) (Version: 11 - Star Finanz GmbH)
StarMoney 9.0 (HKLM-x32\...\{E3F4EED3-A8DB-4751-9BAC-2C54B2EC12C0}) (Version: 9.0 - Star Finanz GmbH)
STRATO HiDrive (remove only) (HKLM-x32\...\STRATO HiDrive) (Version: - STRATO AG)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VoipConnect (HKLM-x32\...\VoipConnect_is1) (Version: 4.13 build 732 - Finarea S.A. Switzerland)
VoipGain (HKLM-x32\...\VoipGain_is1) (Version: 4.09 build 660 - Finarea S.A. Switzerland)
Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17349 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\2F30E6DAC57CFBE9B670FFE89D9E2009ACA4666C) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{9CD347AD-C3CB-40AA-B693-0D090B309F7C}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2017 (HKLM-x32\...\{6B95FF21-CEC5-41B6-A36F-D40B0CE3F561}) (Version: 24.00.1375 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{66D1331F-5388-486F-BF77-847F6CBD0043}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{1D311707-0AAB-43F6-A9B3-468555554C19}) (Version: 22.00.8811 - Buhl Data Service GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0101F20B-D273-42D7-BC11-0C2E82F4A4C7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {047A26EA-E65C-4BEC-90DE-CA3BBE92BBB4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0E9DA4C4-D39A-4D98-B803-942DBDB9359D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {169EABC2-63A7-46F4-B474-FC1BEF7CAF7A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {17B53C2E-5E20-4023-A946-F5122CE7B583} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {20A80F12-7846-4E07-9AC7-7E9825AFC1E4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {282DA29B-55E0-437B-824F-DC4D02686C48} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {2BD99794-C7B1-4DA7-9DA8-08DE8CC227DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {2DBBF6DA-005C-4915-A19A-A329D7297044} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34B53ED6-3023-4BF4-A0D9-EE26138231A9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {47B78AAA-9A95-4BAC-8AFA-16CE1DBE4870} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {50DBC6DA-88B7-41C1-8AF7-21E6145AE8DA} - System32\Tasks\{78A448D7-22A9-4CC7-B099-543040F26CC6} => pcalua.exe -a C:\Users\xxx\Downloads\WISOSteuersoftware2012.exe -d C:\Windows\system32
Task: {513D3F3D-8E2B-427B-A539-2EF0932E9490} - System32\Tasks\{FFAF333C-D13E-4797-9E90-81987D85DD73} => C:\Users\xxx y xx\Desktop\bitcoin-0.8.1-win32-setup.exe
Task: {6FD0F5EA-67C0-4869-9CEC-BF7195B08B7C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {798F5EF4-937E-4DE3-8A71-78989BA5D897} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8132E3D3-927A-4004-AD9F-F626F91335CA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8A8E1E0A-E7BC-4CA1-B828-47C746E8CC90} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {A5DD998E-F23F-4A7D-87B5-8B77D4CB81CC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A97824E0-1CEA-4F24-858F-8030A30D60DA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AD0A6245-467C-42BA-833F-597FF2C139FE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {AF866AD2-7F9B-47AE-82B3-D62A6947D4BA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B6D591D1-38E7-4439-8D1C-AC587FF1C8A5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C07510B7-8FD2-437C-A31A-62D5FD02C503} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {C2D1A508-31E4-441A-A131-448375E2748C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C47DB370-B977-413B-AF68-22B24271957A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6A19B7F-B746-4532-B74B-CF7B3A14914C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D0DE78F0-48B4-45D4-A868-6C24698D254D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-17] (Adobe Systems Incorporated)
Task: {DCCA43DD-29F7-401D-AE68-8012D4C0BADD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E3F62F4C-1F20-4C11-9083-3216E0A6A0E8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F766E8FF-8CC1-40BD-BAB4-3726D5020251} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 19:12 - 2017-06-03 12:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-31 18:33 - 2016-11-14 13:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-20 14:14 - 2016-11-20 14:14 - 04463592 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2017-04-11 04:17 - 2017-04-11 04:17 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-10-14 15:31 - 2016-10-14 15:31 - 01244408 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2017-06-24 14:46 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-08-06 15:48 - 2016-08-06 15:48 - 00959168 _____ () C:\Users\xxx y xx\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-09-15 17:14 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 21:20 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 21:21 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 21:21 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 21:21 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 19:12 - 2017-06-03 10:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 19:12 - 2017-06-03 10:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 19:12 - 2017-06-03 10:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-16 12:56 - 2016-04-16 12:56 - 09698296 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2017-06-21 10:11 - 2017-06-21 10:11 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 10:11 - 2017-06-21 10:11 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 10:11 - 2017-06-21 10:12 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 10:11 - 2017-06-21 10:11 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2014-08-01 19:14 - 2011-01-13 12:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2017-03-18 14:12 - 2016-01-28 16:33 - 01060160 _____ () C:\Program Files (x86)\StarMoney 11\ouservice\libxml2.dll
2017-03-18 14:12 - 2017-01-23 18:49 - 00232800 _____ () C:\Program Files (x86)\StarMoney 11\ouservice\PATCHW32.dll
2015-08-11 15:36 - 2015-08-11 15:36 - 00024896 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll
2016-10-14 15:25 - 2016-10-14 15:25 - 00037808 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2016-10-14 15:48 - 2016-10-14 15:48 - 04355264 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2015-08-23 15:59 - 2015-08-23 15:59 - 00606672 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\sqlite3.dll
2016-10-14 15:47 - 2016-10-14 15:47 - 20605872 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2015-11-16 18:05 - 2015-11-16 18:05 - 00126928 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2016-04-16 12:45 - 2016-04-16 12:45 - 00248240 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2016-12-13 19:27 - 2016-01-28 16:33 - 01058624 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\libxml2.dll
2016-12-13 19:27 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll
2010-12-23 12:06 - 2010-12-23 12:06 - 00028672 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\cx_Logging.pyd
2012-10-27 16:21 - 2012-10-27 16:21 - 00098816 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32api.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00110080 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pywintypes27.dll
2012-10-27 16:20 - 2012-10-27 16:20 - 00018432 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32event.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00119808 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32file.pyd
2012-10-27 16:21 - 2012-10-27 16:21 - 00167936 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32gui.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00024064 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32pipe.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00035840 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32process.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00017408 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32profile.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00108544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32security.pyd
2012-10-27 16:21 - 2012-10-27 16:21 - 00022528 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32ts.pyd
2012-10-27 16:22 - 2012-10-27 16:22 - 00364544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pythoncom27.dll
2012-10-27 16:23 - 2012-10-27 16:23 - 00320512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32com.shell.shell.pyd
2014-06-30 17:04 - 2014-06-30 17:04 - 00087552 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ctypes.pyd
2014-06-30 17:04 - 2014-06-30 17:04 - 00715264 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_hashlib.pyd
2014-06-30 17:03 - 2014-06-30 17:03 - 00046080 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_socket.pyd
2014-06-30 17:04 - 2014-06-30 17:04 - 01160704 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ssl.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00025600 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32cred.pyd
2014-04-14 16:06 - 2014-04-14 16:06 - 00055510 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pacparser._pacparser.pyd
2014-04-14 16:06 - 2014-04-14 16:06 - 00976827 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pacparser.dll
2012-10-27 16:20 - 2012-10-27 16:20 - 00011264 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32crypt.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00064512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32net.pyd
2016-10-14 15:25 - 2016-10-14 15:25 - 00445872 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-10-14 15:23 - 2016-10-14 15:23 - 00115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\Control Panel\Desktop\\Wallpaper -> D:\Fotos\Gran Canaria 2017\IMG_20170401_115843.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
MSCONFIG\startupreg: OV2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" /OS
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
MSCONFIG\startupreg: VoipConnect => "C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe" -nosplash -minimized
MSCONFIG\startupreg: VoipGain => "C:\Program Files (x86)\VoipGain.com\VoipGain\VoipGain.exe" -nosplash -minimized
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\StartupApproved\Run: => "VoipConnect"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\StartupApproved\Run: => "VoipGain"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1972467013-2157606943-3240702937-1003\...\StartupApproved\Run: => "OV2_Monitor"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
19-06-2017 18:54:08 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: TAP-Win32 Adapter V9
Description: TAP-Win32 Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (06/25/2017 08:51:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (06/25/2017 08:50:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (06/25/2017 08:49:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (06/25/2017 03:13:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (06/25/2017 03:11:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (06/25/2017 03:11:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\xxx y xx\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (06/25/2017 03:11:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\xxx y xx\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (06/25/2017 03:10:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\xxx y xx\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (06/25/2017 03:10:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\xxx y xx\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (06/25/2017 03:07:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\xxx y xx\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Systemfehler:
=============
Error: (06/25/2017 09:02:54 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (06/25/2017 09:00:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Error: (06/25/2017 08:59:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Gruppenrichtlinienclient" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (06/25/2017 08:59:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst gpsvc erreicht.
Error: (06/25/2017 08:58:55 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Acronis Nonstop Backup Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (06/25/2017 08:58:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Appinfo erreicht.
Error: (06/25/2017 03:14:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (06/25/2017 03:14:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\TERRA_~1\AppData\Local\Temp\ehdrv.sys
Error: (06/25/2017 03:14:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (06/25/2017 03:14:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\TERRA_~1\AppData\Local\Temp\ehdrv.sys
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 54%
Installierter physikalischer RAM: 4077.64 MB
Verfügbarer physikalischer RAM: 1875.09 MB
Summe virtueller Speicher: 8173.64 MB
Verfügbarer virtueller Speicher: 5279.95 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:536.02 GB) (Free:403.88 GB) NTFS
Drive d: (Volume) (Fixed) (Total:709.88 GB) (Free:485.89 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 210D2946)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=536 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=861.1 GB) - (Type=05)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== Ende von Addition.txt ============================
r. |
|
| Themen zu Windows 10: Malwarebyte findet Trojan.Agent.BHO |
| board, browser, bösartige, code, computer, entferne, entfernen, erkannt, explorer, files, folge, folgende, gestartet, helper, kostenlose, laufen, log, malwarebytes, microsoft, neu, software, trojaner, trojaner board, websites, windows |
und 
und speichere die Logdatei auf Deinem Desktop.
Linear-Darstellung
